Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
freepbx vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-4870
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to p...
Sangoma Freepbx
1 EDB exploit
9.8
CVSSv3
CVE-2019-19006
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
Sangoma Freepbx
7.2
CVSSv3
CVE-2019-19538
In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 up to and including 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.
Sangoma Freepbx
4.8
CVSSv3
CVE-2019-19551
In userman 13.0.76.43 up to and including 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zon...
Sangoma Freepbx
4.8
CVSSv3
CVE-2019-19552
In userman 13.0.76.43 up to and including 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malic...
Sangoma Freepbx
4.8
CVSSv3
CVE-2019-19615
Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and em...
Sangoma Freepbx
4.3
CVSSv3
CVE-2018-15892
FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.
Freepbx Disa
NA
CVE-2006-6244
Coalescent Systems freePBX (formerly Asterisk Management Portal) prior to 2.2.0rc1 allows malicious users to execute arbitrary commands via shell metacharacters in (1) CALLERID(name) or (2) CALLERID(number).
Coalescent Systems Freepbx
NA
CVE-2006-7107
PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote malicious users to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter.
Coalescent Systems Freepbx 2.1.3
1 EDB exploit
6.1
CVSSv3
CVE-2015-2690
Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) prior to 2.11.0.7 for FreePBX allow remote malicious users to inject arbitrary web script or HTML via the (1) add_license_key, (2) add_license_firs...
Digium Addons Module 2.11.0.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »