A critical vulnerability in the task scheduler module of Xorcom CompletePBX 5.2.35 allows an authenticated user to execute arbitrary system commands as root. This stems from insufficient input sanitization in task parameters, leading to a direct command injection opportunity.
