7.2

CVE-2024-53564

A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege administrators are intentionally allowed to do.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SangomaFreepbx Version17.0.19.17
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.34% 0.261
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cve@mitre.org 2.2 0.7 1.4
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://gist.github.com/hyp164D1/490732de230edf97423f6d95b0d2f903
Third Party Advisory
https://gist.github.com/hyp164D1/d419bdf3e7e352088a21631d0f452a8c
Third Party Advisory