Vitalpbx · Vitalpbx · CVE-2024-24386
**Name of the Vulnerable Software and Affected Versions**
VitalPBX versions 3.2.4 through 3.2.5
**Description**
The issue is related to insufficient protection of service data when processing a script from the /var/lib/vitalpbx directory, allowing an attacker to execute arbitrary code via a crafted payload. This can enable a remote attacker to execute arbitrary commands.
**Recommendations**
For VitalPBX versions 3.2.4 through 3.2.5, as a temporary workaround, consider restricting access to the /var/lib/vitalpbx/scripts folder to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.