Full title: TrixBox CE Command Execution Exploit Category: remote exploits Platform: php This Metasploit module exploits an authenticated OS command injection vulnerability found in Trixbox CE versions 1.2.0 through inclusive in the network POST parameter of the /maint/modules/endpointcfg/endpoint_devicemap.php page. Successful exploitation allows for arbitrary command execution on the underlying operating system as the asterisk user. Users can easily elevate their privileges to the root user however by executing sudo nmap --interactive followed by !sh from within nmap. # 0day.today @ http://0day.today/