Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sangoma freepbx vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2019-19538
In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 up to and including 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.
Sangoma Freepbx
312
VMScore
CVE-2019-19851
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta up to and including 13.0.4.7, 14.x up to and including 14.0.24, and 15.x ...
Sangoma Freepbx
312
VMScore
CVE-2019-19852
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel up to and including 13.0.26.9, 14.x up to and including 14.0....
Sangoma Freepbx
668
VMScore
CVE-2021-45461
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote malicious users to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.
Sangoma Restapps 15.0.19.87
Sangoma Restapps 15.0.19.88
Sangoma Restapps 16.0.18.40
Sangoma Restapps 16.0.18.41
668
VMScore
CVE-2020-10666
The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 up to and including 15.0.19.2 allows remote code execution via a URL variable to an AMI command.
Sangoma Restapps
NA
CVE-2021-4282
A vulnerability was found in FreePBX voicemail. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file page.voicemail.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to versio...
Sangoma Voicemail
NA
CVE-2023-26566
Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote malicious users to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3