ATTACK [PTsecurity] FreePBX 13/14 Remote Command Execution

SID: 10000083Rev: 330 views
History
Sourceptrules/open
CreatedJuly 24, 2025
UpdatedJuly 24, 2025
Classificationsuccessful-admin
alert http any any -> any any (msg:"ATTACK [PTsecurity] FreePBX 13/14 Remote Command Execution"; flow:to_server; content:"POST"; http_method; nocase; content:"/admin/ajax.php"; http_uri; content:"Content-Type: application/x-www-form-urlencoded"; nocase; http_header; pcre:"/file=[^&]*\x60[^&]*\x60/P"; pcre:"/module=recordings/P"; xbits:isset, FreePBXMaliciousFilenameUpload, track ip_dst; reference:exploitdb, 40232; reference:url, rules.ptsecurity.com; classtype:successful-admin; sid:10000083; rev:3;)

References

exploitdb40232
urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!