CVE-2024-24386

Name of the Vulnerable Software and Affected Versions VitalPBX versions 3.2.4 through 3.2.5

Description The issue is related to insufficient protection of service data when processing a script from the /var/lib/vitalpbx directory, allowing an attacker to execute arbitrary code via a crafted payload. This can enable a remote attacker to execute arbitrary commands.

Recommendations For VitalPBX versions 3.2.4 through 3.2.5, as a temporary workaround, consider restricting access to the /var/lib/vitalpbx/scripts folder to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.