7.5

CVE-2014-1903

EPSS 83.71%
Published 18.02.2014 11:55:16
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.

Affected products Warnungen 0 Metrics 2 CWE 0 References 15

Data is provided by the National Vulnerability Database (NVD)

Freepbx ≫ Freepbx Version2.10

Freepbx ≫ Freepbx Version2.11

Freepbx ≫ Freepbx Version2.12

Sangoma ≫ Freepbx Version2.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	83.71%	0.992

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html

http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html

http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03

http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429

http://issues.freepbx.org/browse/FREEPBX-7117

Vendor Advisory

http://issues.freepbx.org/browse/FREEPBX-7123

Vendor Advisory

http://osvdb.org/103240

http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html

http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html

http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice

http://www.securityfocus.com/archive/1/531040/100/0/threaded

https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl

https://nvd.nist.gov/vuln/detail/CVE-2014-1903

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-1903

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-1903

EUVD