CVE-2018-5782
Summary
| CVE | CVE-2018-5782 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-03-14 16:29:00 UTC |
| Updated | 2019-04-26 15:05:00 UTC |
| Description | A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mitel | Connect Onsite | All | All | All | All |
| Application | Mitel | St14.2 | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| GitHub - twosevenzero/shoretel-mitel-rce: Remote Code Execution on ShoreTel/Mitel CONNECT Onsite ST 14.2 | MISC | github.com | Product, Third Party Advisory |
| Mitel Product Security Advisory 18-0004 | CONFIRM | www.mitel.com | Vendor Advisory |
| ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution - PHP webapps Exploit | EXPLOIT-DB | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.