CVE-2020-37153

High CVSS: 7.7

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.

Vendor

Inextrix

Product

Astpp

CWE

CWE-79

Yayın Tarihi

2026-02-11 21:16:08

Güncelleme

2026-02-20 20:22:16

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Astpp HIGH Inextrix 2026

Referanslar

https://github.com/iNextrix/ASTPP https://www.astppbilling.org/ https://www.exploit-db.com/exploits/47889 https://www.vulncheck.com/advisories/astpp-voip-remote-code-execution