CVE-2007-6424 in Trixboxinfo

Summary

registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

12/18/2007

Disclosure

12/18/2007

Moderation

VulDB entry created

Entries

1: VDB-40102

CPE

ready

CWE

CWE-264 (Confirmed)

CVSS

5.3

EPSS

0.00783

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-6424
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-6424
CVE Details	https://www.cvedetails.com/cve/CVE-2007-6424/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!