CVE-2018-5782: Code Injection
First published: Wed Mar 14 2018(Updated: )
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitel Connect ONSITE | <=r1711-prem | |
| Mitel St14.2 | <=ga28 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-5782?
CVE-2018-5782 is considered high severity due to the potential for unauthenticated remote code execution.
How do I fix CVE-2018-5782?
To fix CVE-2018-5782, upgrade Mitel Connect ONSITE to version later than R1711-PREM or Mitel ST 14.2 to a version higher than GA28.
Who is affected by CVE-2018-5782?
CVE-2018-5782 affects users of Mitel Connect ONSITE versions R1711-PREM and earlier, as well as Mitel ST 14.2 release GA28 and earlier.
What type of attack does CVE-2018-5782 allow?
CVE-2018-5782 allows an unauthenticated attacker to inject PHP code via specially crafted requests.
What is the impact of exploiting CVE-2018-5782?
Exploitation of CVE-2018-5782 could lead to full compromise of the affected Mitel system, allowing attackers to execute arbitrary code.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- agent/source
- vendor/mitel
- canonical/mitel connect onsite
- version/mitel connect onsite/r1711-prem
- canonical/mitel st14.2
- version/mitel st14.2/ga28