A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection. Once authenticated as an administrator, the attacker can upload arbitrary PHP code through the importcompany field in import.php, resulting in remote code execution. The malicious payload is injected into /usr/local/astium/web/php/config.php and executed with root privileges by triggering a configuration reload via sudo /sbin/service astcfgd reload. Successful exploitation leads to full system compromise.
Security readout for executives and security teams
Plain-English summary
CVE-2013-10043 is a critical Astium VoIP PBX issue that can let an unauthenticated attacker become an administrator and run code on the PBX. The source says execution can occur with root privileges, so a successful compromise could give full control of the system.
Executive priority
Treat this as urgent for any exposed Astium PBX. It combines unauthenticated access, administrator takeover, and root-level code execution. If the product is present and reachable, reduce exposure immediately while confirming vendor-supported remediation.
Technical view
The reported chain combines SQL injection in the web login with arbitrary PHP upload through the administrative import workflow. Public references describe the uploaded code being written into configuration and executed during a configuration reload. The CVSS 4.0 score is 9.5, with network attack vector and high confidentiality, integrity, and availability impact.
Likely exposure
Exposure is most likely where Astium VoIP PBX web administration is reachable over a network, especially astium-confweb-2.1-25399 or earlier. The structured affected-product data in the bundle is sparse and inconsistent, so asset confirmation is important.
Exploitation context
Public exploit references exist, including Exploit-DB and a Metasploit module. The bundle does not show CISA KEV listing or cited evidence of active exploitation, so active exploitation should not be asserted from these sources alone.
Researcher notes
The sources support a high-impact exploit chain, but affected-version metadata is incomplete in the provided bundle. Validate product lineage and version locally before scoping. Do not assume active exploitation without KEV or another cited source showing it.
Mitigation direction
Inventory Astium VoIP PBX and astium-confweb versions immediately.
Remove public access to the web administration interface.
Restrict management access to trusted VPN or allow-listed addresses.
Check vendor or trusted advisory guidance for fixed versions or retirement options.
Rebuild affected PBX systems if compromise is suspected.
Validation and detection
Confirm whether any Astium VoIP PBX systems are deployed.
Identify astium-confweb version and compare with 2.1-25399 or earlier.
Review web access logs for suspicious login and import activity.
Inspect recent configuration changes and unexpected PHP files.
Check whether management interfaces are internet-accessible.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-434: File access and web shell behavior lookup
File traversal and upload weaknesses can lead teams to review file, web shell, execution, and collection telemetry. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Injection into data stores can inform collection, data access, and exfiltration detection reviews. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
The CVE wording references database injection or access, so collection and exfiltration review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
The CVE wording references file access or upload behavior, so file telemetry and web shell review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
1CVSS vectors
3Timeline events
1ADP providers
4Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: pocAutomatable: noTechnical Impact: total
CVSS vector scores
1 official score
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-434 · source CWE mapping
Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.