Vulmon
freepbx vulnerabilities and exploits
3.5
CVSSv2
CVE-2019-19615
Multiple XSS vulnerabilities exist in the Backup & Restore module v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and em...
Sangoma Freepbx
3.5
CVSSv2
CVE-2019-19852
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel up to and including 13.0.26.9, 14.x up to and including 14.0....
Sangoma Freepbx
4.3
CVSSv2
CVE-2012-4870
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to p...
Sangoma Freepbx
1 EDB exploit
NA
CVE-2019-25090
A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched re...
Sangoma Freepbx
6.5
CVSSv2
CVE-2010-3490
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and previous versions allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to a...
Sangoma Freepbx
1 EDB exploit
1 Github repository
6
CVSSv2
CVE-2018-15892
FreePBX 13 and 14 have SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.
Freepbx Disa
NA
CVE-2023-43336
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 contains an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
Sangoma Freepbx
7.5
CVSSv2
CVE-2006-6244
Coalescent Systems freePBX (formerly Asterisk Management Portal) prior to 2.2.0rc1 allows malicious users to execute arbitrary commands via shell metacharacters in (1) CALLERID(name) or (2) CALLERID(number).
Coalescent Systems Freepbx
7.5
CVSSv2
CVE-2006-7107
PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote malicious users to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter.
Coalescent Systems Freepbx 2.1.3
1 EDB exploit
4.3
CVSSv2
CVE-2015-2690
Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) prior to 2.11.0.7 for FreePBX allow remote malicious users to inject arbitrary web script or HTML via the (1) add_license_key, (2) add_license_firs...
Digium Addons Module 2.11.0.6