CVE-2018-5781: Code Injection
First published: Wed Mar 14 2018(Updated: )
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitel Connect ONSITE | <=r1711-prem | |
| Mitel St14.2 | <=ga28 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-5781?
CVE-2018-5781 has a severity rating that allows unauthenticated attackers to exploit a PHP code injection vulnerability.
How do I fix CVE-2018-5781?
To fix CVE-2018-5781, upgrade to Mitel Connect ONSITE versions later than R1711-PREM or Mitel ST 14.2 versions after GA28.
Who is affected by CVE-2018-5781?
CVE-2018-5781 affects users of Mitel Connect ONSITE versions R1711-PREM and earlier, as well as Mitel ST 14.2 versions GA28 and earlier.
What type of vulnerability is CVE-2018-5781?
CVE-2018-5781 is a PHP code injection vulnerability that can be exploited through crafted requests.
Can CVE-2018-5781 be exploited remotely?
Yes, CVE-2018-5781 can be exploited remotely by unauthenticated users through specific requests.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/softwarecombine
- agent/event
- agent/first-publish-date
- agent/description
- agent/tags
- agent/source
- vendor/mitel
- canonical/mitel connect onsite
- version/mitel connect onsite/r1711-prem
- canonical/mitel st14.2
- version/mitel st14.2/ga28