CVE-2018-5782 in Connect ONSITE
Summary
by MITRE
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 08/04/2025
The vulnerability identified as CVE-2018-5782 resides within the conferencing functionality of Mitel Connect ONSITE and Mitel ST systems, representing a critical security flaw that undermines the integrity of these communication platforms. This issue affects specific versions including R1711-PREM and earlier releases of Mitel Connect ONSITE, alongside Mitel ST 14.2 release GA28 and earlier versions, creating a widespread risk across deployed enterprise communication infrastructures. The vulnerability manifests through the vsethost.php page which serves as an entry point for malicious input processing, making it a prime target for exploitation by threat actors seeking unauthorized access to these systems.
The technical nature of this vulnerability stems from inadequate input validation mechanisms within the affected software components, specifically failing to properly sanitize user-supplied data before processing. This weakness creates a path for code injection attacks where an unauthenticated attacker can craft malicious HTTP requests containing PHP code fragments that are subsequently executed by the vulnerable application. The flaw directly maps to CWE-94, which describes "Improper Control of Generation of Code ('Code Injection')" and represents a classic server-side code injection vulnerability that allows arbitrary code execution. The vulnerability operates at the application layer where user input is directly interpreted and executed without proper sanitization or context validation, enabling attackers to bypass authentication requirements entirely.
The operational impact of this vulnerability extends beyond simple code execution, as it provides attackers with complete control over the affected systems within the application context. Successful exploitation allows adversaries to execute arbitrary PHP commands, potentially leading to full system compromise, data exfiltration, or service disruption. Attackers could leverage this vulnerability to install backdoors, modify system configurations, access sensitive communication data, or use the compromised systems as launching points for lateral movement within network environments. The unauthenticated nature of the attack means that any external party can exploit this weakness without requiring valid credentials, making it particularly dangerous for enterprise communication platforms that often serve as critical infrastructure components.
Organizations affected by CVE-2018-5782 should implement immediate mitigations including applying official patches from Mitel, which address the input validation deficiencies in the vsethost.php component. Network segmentation and firewall rules should be configured to restrict access to vulnerable endpoints, while monitoring systems should be enhanced to detect suspicious request patterns targeting the affected page. The vulnerability aligns with ATT&CK technique T1059.007 for "Command and Scripting Interpreter: PHP" and represents a common attack vector that threat actors frequently exploit in enterprise environments. Security teams should also conduct comprehensive vulnerability assessments to identify any other potential code injection points within the communication infrastructure and implement proper input sanitization measures across all application components to prevent similar issues from occurring in the future.