Freepbx

Freepbx

9 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2018-15891

  • EPSS 0.41%
  • Published 20.06.2019 17:15:09
  • Last modified 21.11.2024 03:51:39

An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.

10

CVE-2014-7235

  • EPSS 57.42%
  • Published 07.10.2014 14:55:09
  • Last modified 12.04.2025 10:46:40

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP uns...

7.5

CVE-2014-1903

  • EPSS 83.71%
  • Published 18.02.2014 11:55:16
  • Last modified 11.04.2025 00:51:21

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execut...

4.3

CVE-2009-4458

Exploit
  • EPSS 2.39%
  • Published 30.12.2009 00:30:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display...

4.3

CVE-2009-1801

  • EPSS 0.48%
  • Published 28.05.2009 14:30:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order an...

6.8

CVE-2009-1802

  • EPSS 0.14%
  • Published 28.05.2009 14:30:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have un...

5

CVE-2009-1803

  • EPSS 0.32%
  • Published 28.05.2009 14:30:00
  • Last modified 09.04.2025 00:30:58

FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

6.5

CVE-2007-2350

Exploit
  • EPSS 0.71%
  • Published 30.04.2007 22:19:00
  • Last modified 09.04.2025 00:30:58

admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter.

6.8

CVE-2007-2191

Exploit
  • EPSS 7.33%
  • Published 24.04.2007 17:19:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /...