Sangoma

Freepbx

40 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.56%
  • Veröffentlicht 20.06.2019 17:15:09
  • Zuletzt bearbeitet 21.11.2024 03:51:39

An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.

Exploit
  • EPSS 2.2%
  • Veröffentlicht 29.01.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:10:37

FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shel...

  • EPSS 42.99%
  • Veröffentlicht 07.10.2014 14:55:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP uns...

  • EPSS 52.19%
  • Veröffentlicht 18.02.2014 11:55:16
  • Zuletzt bearbeitet 29.04.2026 01:13:23

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execut...

Exploit
  • EPSS 2.01%
  • Veröffentlicht 06.09.2012 17:55:02
  • Zuletzt bearbeitet 16.06.2026 23:45:49

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname p...

Exploit
  • EPSS 70.25%
  • Veröffentlicht 06.09.2012 17:55:02
  • Zuletzt bearbeitet 16.06.2026 23:45:49

The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.

  • EPSS 9.57%
  • Veröffentlicht 28.09.2010 18:00:03
  • Zuletzt bearbeitet 16.06.2026 23:22:52

Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the use...

  • EPSS 1.26%
  • Veröffentlicht 28.05.2009 14:30:00
  • Zuletzt bearbeitet 16.06.2026 23:08:05

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order an...

  • EPSS 1.22%
  • Veröffentlicht 28.05.2009 14:30:00
  • Zuletzt bearbeitet 16.06.2026 23:08:05

FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

  • EPSS 0.58%
  • Veröffentlicht 28.05.2009 14:30:00
  • Zuletzt bearbeitet 16.06.2026 23:08:05

Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have un...