Every CVE whose affected-product data names Netfortris Trixbox, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2017-14535 — CVSS 8.8 (high): trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
CVE-2014-5112 — CVSS 7.5 (high): maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang…
CVE-2010-0702 — CVSS 7.5 (high): SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary…
CVE-2014-5109 — CVSS 7.5 (high): SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute…
CVE-2020-7351 — CVSS 7.3 (high): An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to…
CVE-2017-14537 — CVSS 6.5 (medium): trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to…
CVE-2017-14536 — CVSS 5.4 (medium): trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php.
CVE-2014-5111 — CVSS 5.0 (medium): Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the…
CVE-2014-5110 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web…
CVE-2007-6424 — CVSS 4.3 (medium): registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote…