Palosanto Elastix vulnerabilities
2 known vulnerabilities affecting palosanto/elastix.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2015-1875P3HIGHCVSS 7.5PoC≤ 2.5.02015-03-11
CVE-2015-1875 [HIGH] CWE-89 CVE-2015-1875: SQL injection vulnerability in a2billing/customer/iridium_threed.php in Elastix 2.5.0 and earlier al
SQL injection vulnerability in a2billing/customer/iridium_threed.php in Elastix 2.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the transactionID parameter.
nvd
CVE-2010-1492P4MEDIUMCVSS 5.0v1.6.02010-04-23
CVE-2010-1492 [MEDIUM] CWE-22 CVE-2010-1492: Directory traversal vulnerability in help/frameRight.php in Elastix 1.6.0 allows remote attackers to
Directory traversal vulnerability in help/frameRight.php in Elastix 1.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id_nodo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd