Cross-Site Request Forgery Vulnerabilities in Innovaphone PBX from Innovaphone

CVE-2014-5335

What is CVE-2014-5335?

Multiple cross-site request forgery (CSRF) vulnerabilities exist in Innovaphone's PBX software, prior to version 10.00 sr12. These weaknesses can enable remote attackers to exploit the system by hijacking an administrator's authentication. This could lead to unauthorized changes in configuration or user accounts, such as altering administrator passwords through crafted requests sent to specific endpoints, or adding new SIP users by manipulating requests directed at admin interfaces.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References