CVE-2018-5780: Code Injection
First published: Wed Mar 14 2018(Updated: )
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitel Connect ONSITE | <=r1711-prem | |
| Mitel St14.2 | <=ga28 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-5780?
CVE-2018-5780 is considered a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2018-5780?
To mitigate CVE-2018-5780, upgrade to Mitel Connect ONSITE versions later than R1711-PREM or Mitel ST 14.2 versions later than GA28.
Who is affected by CVE-2018-5780?
CVE-2018-5780 affects users of Mitel Connect ONSITE versions R1711-PREM and earlier, as well as Mitel ST 14.2 versions GA28 and earlier.
What kind of attack does CVE-2018-5780 enable?
CVE-2018-5780 enables unauthenticated attackers to inject PHP code through specially crafted requests to the vnewmeeting.php page.
Is authentication required to exploit CVE-2018-5780?
No, CVE-2018-5780 can be exploited by unauthenticated attackers, making it particularly dangerous.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/mitel
- canonical/mitel connect onsite
- version/mitel connect onsite/r1711-prem
- canonical/mitel st14.2
- version/mitel st14.2/ga28