CNNVD-202602-1880 Information
CNNVD ID
CNNVD-202602-1880
Related CVE
- CNNVD Published: 2026-02-11
Description (Chinese)
ASTPP是Inextrix Technologies Pvt. Ltd开源的一个VoIP计费解决方案。 ASTPP 4.0.1版本存在跨站脚本漏洞,该漏洞源于SIP设备配置和插件管理界面存在跨站脚本和命令注入,可能导致注入系统命令、劫持管理员会话以及通过cron任务操作执行任意代码。
Description (English)
ASTPP is a VoIP billing solution for the Inextrix Technologies Pvt. Ltd open source. ASTPP version 4.0.1 has a cross-site script loophole, which stems from the presence of cross-site scripts and command injections in the SIP equipment configuration and plugin management interface, which may lead to the injection of system commands, the hijacking manager ’ s sessions and the execution of any code through the cron task.
Hazard Level
Low
Vulnerability Type
跨站脚本
Affected Vendor
Inextrix Technologies Pvt. Ltd
Published
2026-02-11
Last Modified
2026-02-24
References
https://github.com/iNextrix/ASTPP https://www.astppbilling.org/ https://www.exploit-db.com/exploits/47889 https://www.vulncheck.com/advisories/astpp-voip-remote-code-execution
Patch
https://github.com/iNextrix/ASTPP/releases
Share on: