A directory traversal vulnerability exists in FreePBX. The vulnerability is due to an input validation issue in the “hotelwakeup” module. A remote unauthenticated attacker can exploit this vulnerability by sending maliciously crafted requests to the page that could lead to arbitrary command execution on the server under the security context of the asterisk user.