PT-2007-3683 · Sangoma · Freepbx

Xenomuta · Published 2007-04-30 · Updated 2011-03-08 · CVE-2007-2350

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: freePBX versions 2.2.x

Description: The issue allows remote authenticated administrators to execute arbitrary commands. This is achieved by injecting shell metacharacters in the del parameter of the admin/config.php file in the music-on-hold module.

Recommendations: For freePBX versions 2.2.x, consider restricting access to the music-on-hold module until a patch is available. As a temporary workaround, avoid using the del parameter in the admin/config.php file to minimize the risk of exploitation.


Related identifiers: CVE-2007-2350

Affected products: Freepbx