This Metasploit module exploits an unauthenticated SQL injection vulnerability and a command injection vulnerability affecting the Grandstream UCM62xx IP PBX series of devices. The vulnerabilities allow an unauthenticated remote attacker to execute commands as root.
4066544895b5150487b562aeb10cbead4ed40ccc1b2880b31c05f426293dbef2
UCM6202 version 1.0.18.13 suffers from a remote command injection vulnerability.
e44ddf6cc3933c936f1c38067b878120ae2306e3195079e894790e916bce59f5