Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sangoma freepbx vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-16966
An issue exists in Contactmanager 13.x prior to 13.0.45.3, 14.x prior to 14.0.5.12, and 15.x prior to 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is re...
Freepbx Contactmanager 13.0.0
Freepbx Contactmanager 14.0.1
Freepbx Contactmanager
Sangoma Freepbx 14.0.10.3
8.8
CVSSv3
CVE-2023-43336
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 exists to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
Sangoma Freepbx
6.1
CVSSv3
CVE-2019-25090
A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched re...
Sangoma Freepbx
9.8
CVSSv3
CVE-2020-36630
A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this iss...
Sangoma Freepbx
NA
CVE-2010-3490
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and previous versions allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to a...
Sangoma Freepbx
1 EDB exploit
1 Github repository
7.2
CVSSv3
CVE-2019-19538
In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 up to and including 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.
Sangoma Freepbx
4.8
CVSSv3
CVE-2019-19552
In userman 13.0.76.43 up to and including 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malic...
Sangoma Freepbx
4.8
CVSSv3
CVE-2019-19615
Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and em...
Sangoma Freepbx
4.8
CVSSv3
CVE-2019-19851
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta up to and including 13.0.4.7, 14.x up to and including 14.0.24, and 15.x ...
Sangoma Freepbx
4.8
CVSSv3
CVE-2019-19852
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel up to and including 13.0.26.9, 14.x up to and including 14.0....
Sangoma Freepbx
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »