Vulmon
freepbx vulnerabilities and exploits
6.1
CVSSv3
CVE-2019-16967
An issue exists in Manager 13.x prior to 13.0.2.6 and 15.x prior to 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be ...
Freepbx Manager
Sangoma Freepbx
Freepbx Manager 13.0.1
NA
CVE-2007-2350
admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter.
Freepbx Freepbx
NA
CVE-2012-4869
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and previous versions allows remote malicious users to execute arbitrary commands via the callmenum parameter in a c action.
Sangoma Freepbx 2.9
Sangoma Freepbx
3 EDB exploits
3 Github repositories
7.2
CVSSv3
CVE-2018-6393
FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... lo...
Sangoma Freepbx 10.13.66
Sangoma Freepbx 14.0.1.24
7.2
CVSSv3
CVE-2019-19538
In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 up to and including 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.
Sangoma Freepbx
4.8
CVSSv3
CVE-2019-19552
In userman 13.0.76.43 up to and including 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the /admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malic...
Sangoma Freepbx
NA
CVE-2010-3490
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and previous versions allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to a...
Sangoma Freepbx
1 EDB exploit
1 Github repository
NA
CVE-2012-4870
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to p...
Sangoma Freepbx
1 EDB exploit
4.8
CVSSv3
CVE-2019-19551
In userman 13.0.76.43 up to and including 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zon...
Sangoma Freepbx
4.8
CVSSv3
CVE-2019-19615
Multiple XSS vulnerabilities exist in the Backup & Restore module v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and em...
Sangoma Freepbx