CVE Alert

CVE-2013-10043

UNKNOWN 0.0

Astium VOIP PBX <= 2.1 SQL Injection File Upload RCE

CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

A vulnerability exists in Astium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection. Once authenticated as an administrator, the attacker can upload arbitrary PHP code through the importcompany field in import.php, resulting in remote code execution. The malicious payload is injected into /usr/local/astium/web/php/config.php and executed with root privileges by triggering a configuration reload via sudo /sbin/service astcfgd reload. Successful exploitation leads to full system compromise.

CWE CWE-89 CWE-434
Vendor astium
Product voip pbx
Published Jul 31, 2025
Last Updated Apr 7, 2026

Affected Versions

Astium / VoIP PBX
* ≤ astium-confweb-2.1-25399 RPM

References

* exploit-db.com: https://www.exploit-db.com/exploits/23831
* raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/astium_sqli_upload.rb
* vulncheck.com: https://www.vulncheck.com/advisories/astium-voip-pbx-sqli-file-upload-rce

Credits

xistence