Date published: 2014-11-20T08:55:11.393-05:00
Date last modified: 2014-11-20T10:09:04.390-05:00
CVSS Score: 6.5
Principal attack vector: NETWORK
Reference URL: http://seclists.org/fulldisclosure/2014/Oct/101
Summary: reminders/index.php in Incredible PBX 11 220.127.116.11.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters.