CVE-2012-3811

critical

Published 2012-07-03 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://downloads.avaya.com/css/P8/documents/100164021

Application impact

Vendor	Product	Versions	Fixed
avaya	ip_office_customer_call_reporter	`7.0`
avaya	ip_office_customer_call_reporter	`8.0`

References

http://zerodayinitiative.com/advisories/ZDI-12-106/
https://downloads.avaya.com/css/P8/documents/100164021
http://zerodayinitiative.com/advisories/ZDI-12-106/
https://downloads.avaya.com/css/P8/documents/100164021

Verify integrity in audit chain (admin only). AS-IS.