CVE-2014-9001

Name of the Vulnerable Software and Affected Versions Incredible PBX version 11 2.0.6.5.0

Description The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in the APPTMIN, APPTHR, APPTDA, APPTMO, APPTYR, or APPTPHONE parameters in the reminders/index.php file.

Recommendations For Incredible PBX version 11 2.0.6.5.0, as a temporary workaround, consider restricting access to the reminders/index.php file until a patch is available. Avoid using the parameters APPTMIN, APPTHR, APPTDA, APPTMO, APPTYR, or APPTPHONE in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.