MikoPBX File Upload Vulnerability in PBXCoreREST Allowing PHP Script Execution

Vulnerability

A vulnerability exists in MikoPBX versions through 2024.1.114 within the PBXCoreREST component. The issue allows users to upload PHP scripts to arbitrary directories, potentially leading to unauthorized script execution.

Impact

Exploitation of this vulnerability could allow arbitrary file uploads. Uploaded PHP scripts could then be executed on the server, potentially leading to remote code execution.

Remediation

Users are advised to update to the latest version of MikoPBX, where this vulnerability has been addressed. The latest release can be downloaded from the MikoPBX GitHub repository.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 5.9
remediation: 0.0
relevance: 0.2
threat: 3.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.