Xorcom CompletePBX Command Injection Vulnerability in Task Scheduler

Vulnerability

A command injection vulnerability has been identified in Xorcom CompletePBX, specifically within the Task Scheduler feature for administrators. This vulnerability allows attackers to execute arbitrary commands with root privileges. It affects all CompletePBX versions prior to 5.2.35.

Impact

Exploitation of this vulnerability allows for unauthorized command execution as the root user, potentially leading to full system compromise.

Remediation

Users are advised to upgrade to Xorcom CompletePBX version 5.2.36.1 or later. Instructions for upgrading are available on the Xorcom website.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.8
remediation: 7.7
relevance: 0.0
threat: 1.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.