Sangoma

Freepbx

40 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.2%
  • Veröffentlicht 29.05.2026 12:46:22
  • Zuletzt bearbeitet 01.06.2026 18:42:00

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid client_id is required. The validateClient() method in Clie...

  • EPSS 0.29%
  • Veröffentlicht 29.05.2026 12:44:26
  • Zuletzt bearbeitet 01.06.2026 18:41:40

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section acces...

  • EPSS 0.27%
  • Veröffentlicht 29.05.2026 12:42:32
  • Zuletzt bearbeitet 01.06.2026 18:41:28

FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $_REQUEST['rawname'] parameter is concatenated into an includ...

Medienbericht
  • EPSS 0.43%
  • Veröffentlicht 29.05.2026 12:39:57
  • Zuletzt bearbeitet 01.06.2026 18:38:48

FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel (UCP) using hard-coded initial template credentials if these were not immediately changed by the Administr...

  • EPSS 8.49%
  • Veröffentlicht 05.03.2026 18:25:54
  • Zuletzt bearbeitet 06.03.2026 17:55:42

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, multiple command injection vulnerabilities exist in the recordings module. This issue has been patched in versions 16.0.20 and 17....

  • EPSS 0.25%
  • Veröffentlicht 05.03.2026 18:24:50
  • Zuletzt bearbeitet 06.03.2026 18:32:58

FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5.

  • EPSS 0.3%
  • Veröffentlicht 05.03.2026 18:24:06
  • Zuletzt bearbeitet 06.03.2026 18:41:03

FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7.

  • EPSS 0.89%
  • Veröffentlicht 05.03.2026 18:22:38
  • Zuletzt bearbeitet 06.03.2026 18:45:06

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech (TTS) engine in the recordings module...

  • EPSS 0.3%
  • Veröffentlicht 12.02.2026 16:22:42
  • Zuletzt bearbeitet 27.02.2026 13:05:46

FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api (PBX API) is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulner...

Medienbericht
  • EPSS 6.13%
  • Veröffentlicht 16.12.2025 00:23:05
  • Zuletzt bearbeitet 18.12.2025 17:42:21

The FreePBX module tts (Text to Speech) for FreePBX, an open-source web-based graphical user interface (GUI) that manages Asterisk. Versions prior to 16.0.5 and 17.0.5 are vulnerable to SQL injection by authenticated users with administrator access. ...