7.5

CVE-2014-1903

EPSS 83.71%
Veröffentlicht 18.02.2014 11:55:16
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Freepbx ≫ Freepbx Version2.10

Freepbx ≫ Freepbx Version2.11

Freepbx ≫ Freepbx Version2.12

Sangoma ≫ Freepbx Version2.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	83.71%	0.992

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html

http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html

http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03

http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429

http://issues.freepbx.org/browse/FREEPBX-7117

Vendor Advisory

http://issues.freepbx.org/browse/FREEPBX-7123

Vendor Advisory

http://osvdb.org/103240

http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html

http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html

http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice

http://www.securityfocus.com/archive/1/531040/100/0/threaded

https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl

https://nvd.nist.gov/vuln/detail/CVE-2014-1903

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-1903

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-1903

EUVD