Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
freepbx freepbx vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-16967
An issue exists in Manager 13.x prior to 13.0.2.6 and 15.x prior to 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be ...
Freepbx Manager
Freepbx Manager 13.0.1
Sangoma Freepbx
6.5
CVSSv2
CVE-2007-2350
admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter.
Freepbx Freepbx
7.5
CVSSv2
CVE-2012-4869
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and previous versions allows remote malicious users to execute arbitrary commands via the callmenum parameter in a c action.
Sangoma Freepbx 2.9
Sangoma Freepbx
3 EDB exploits
3 Github repositories
6.5
CVSSv2
CVE-2018-6393
FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... lo...
Sangoma Freepbx 10.13.66
Sangoma Freepbx 14.0.1.24
NA
CVE-2020-36630
A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this iss...
Sangoma Freepbx
3.5
CVSSv2
CVE-2019-19851
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta up to and including 13.0.4.7, 14.x up to and including 14.0.24, and 15.x ...
Sangoma Freepbx
4.3
CVSSv2
CVE-2012-4870
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to p...
Sangoma Freepbx
1 EDB exploit
3.5
CVSSv2
CVE-2019-19552
In userman 13.0.76.43 up to and including 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malic...
Sangoma Freepbx
7.5
CVSSv2
CVE-2019-19006
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
Sangoma Freepbx
NA
CVE-2023-43336
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 exists to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
Sangoma Freepbx
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »