Sangoma

Freepbx

40 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.68%
  • Veröffentlicht 25.12.2022 20:15:25
  • Zuletzt bearbeitet 21.11.2024 05:29:56

A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5....

  • EPSS 0.56%
  • Veröffentlicht 16.03.2020 21:15:12
  • Zuletzt bearbeitet 21.11.2024 04:35:32

An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through...

  • EPSS 0.56%
  • Veröffentlicht 16.03.2020 21:15:12
  • Zuletzt bearbeitet 21.11.2024 04:35:03

Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup c...

  • EPSS 3.13%
  • Veröffentlicht 16.03.2020 21:15:12
  • Zuletzt bearbeitet 21.11.2024 04:34:55

In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.

  • EPSS 0.53%
  • Veröffentlicht 16.03.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 04:35:31

An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and...

  • EPSS 0.55%
  • Veröffentlicht 06.12.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:34:57

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a us...

  • EPSS 0.55%
  • Veröffentlicht 06.12.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:34:57

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date forma...

Warnung Medienbericht Exploit
  • EPSS 36.62%
  • Veröffentlicht 21.11.2019 18:15:11
  • Zuletzt bearbeitet 04.02.2026 15:56:22

Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.

Exploit
  • EPSS 1.31%
  • Veröffentlicht 21.10.2019 20:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:26

An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected i...

  • EPSS 1.14%
  • Veröffentlicht 21.10.2019 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:31:26

An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group va...