Sangoma

Freepbx

40 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.11%
  • Veröffentlicht 16.12.2025 00:14:18
  • Zuletzt bearbeitet 18.12.2025 17:45:31

FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to versions 16.0.45 and 17.0.24 of the FreePBX framework, an authenticated local privilege escalation exists in the deprecated FreePBX startup script `amp...

Exploit
  • EPSS 3.24%
  • Veröffentlicht 11.12.2025 21:36:11
  • Zuletzt bearbeitet 15.12.2025 17:10:56

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POS...

  • EPSS 3.03%
  • Veröffentlicht 09.12.2025 21:32:03
  • Zuletzt bearbeitet 02.02.2026 14:47:12

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary va...

  • EPSS 0.18%
  • Veröffentlicht 14.10.2025 19:26:02
  • Zuletzt bearbeitet 20.01.2026 13:59:00

FreePBX is an open source GUI for managing Asterisk. In versions prior to 16.0.68.39 for FreePBX 16 and versions prior to 17.0.18.38 for FreePBX 17, a reflected cross-site scripting vulnerability is present on the Asterisk HTTP Status page. The Aster...

  • EPSS 0.43%
  • Veröffentlicht 15.09.2025 21:04:07
  • Zuletzt bearbeitet 17.10.2025 14:36:35

FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops ...

  • EPSS 0.4%
  • Veröffentlicht 15.09.2025 21:00:13
  • Zuletzt bearbeitet 17.10.2025 14:46:44

FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. ...

Warnung Exploit
  • EPSS 93.29%
  • Veröffentlicht 28.08.2025 16:45:18
  • Zuletzt bearbeitet 24.10.2025 13:58:40

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database ma...

  • EPSS 0.34%
  • Veröffentlicht 02.12.2024 18:15:11
  • Zuletzt bearbeitet 23.09.2025 13:00:30

A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond...

Exploit
  • EPSS 0.72%
  • Veröffentlicht 02.11.2023 12:15:09
  • Zuletzt bearbeitet 09.07.2026 01:18:41

Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.

  • EPSS 0.52%
  • Veröffentlicht 27.12.2022 13:15:10
  • Zuletzt bearbeitet 21.11.2024 04:39:54

A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting....