CVE-2006-6244 Information

Description

Coalescent Systems freePBX (formerly Asterisk Management Portal) before 2.2.0rc1 allows attackers to execute arbitrary commands via shell metacharacters in (1) CALLERID(name) or (2) CALLERID(number).

Reference

http://secunia.com/advisories/23124 http://sourceforge.net/project/shownotes.php?group_id=121515&release_id=467129 http://www.freepbx.org/trac/changeset/2076 http://www.securityfocus.com/bid/21359 http://www.vupen.com/english/advisories/2006/3019