Elastix PBX Remote PHP Injection Exploit

This module exploits a remote PHP code injection vulnerability in Elastix PBX by uploading a renamed PHP file and leveraging a local file inclusion vulnerability to execute the PHP file. It also exploits a bad configuration in the /etc/sudoers file to elevate privileges from 'asterisk' user to 'root'.
Exploit type: 
Platform: 
Vulnerabilty ID: 
NOCVE-9999-56369
Product Version: 
2013 R1
Released Date: 
Tuesday, January 29, 2013 - 00:00