Vulnerabilities related to Sangoma - FreePBX
cve-2009-1803
Vulnerability from cvelistv5
Published
2009-05-28 14:00
Modified
2024-09-16 22:51
Summary
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
References
http://www.osvdb.org/54263 (vdb-entry, x_refsource_OSVDB)
http://freepbx.org/trac/ticket/3660 (x_refsource_CONFIRM)
http://secunia.com/advisories/34772 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/34857 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:27:54.399Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "54263",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/54263"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freepbx.org/trac/ticket/3660"
          },
          {
            "name": "34772",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34772"
          },
          {
            "name": "34857",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34857"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-05-28T14:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "54263",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/54263"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freepbx.org/trac/ticket/3660"
        },
        {
          "name": "34772",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34772"
        },
        {
          "name": "34857",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34857"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1803",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "54263",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/54263"
            },
            {
              "name": "http://freepbx.org/trac/ticket/3660",
              "refsource": "CONFIRM",
              "url": "http://freepbx.org/trac/ticket/3660"
            },
            {
              "name": "34772",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34772"
            },
            {
              "name": "34857",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34857"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1803",
    "datePublished": "2009-05-28T14:00:00Z",
    "dateReserved": "2009-05-28T00:00:00Z",
    "dateUpdated": "2024-09-16T22:51:26.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-7235
Vulnerability from cvelistv5
Published
2014-10-07 14:00
Modified
2024-08-06 12:40
Summary
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:40:19.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html"
          },
          {
            "name": "61601",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61601"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536"
          },
          {
            "name": "freepbx-ariframework-code-exec(96790)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96790"
          },
          {
            "name": "41005",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41005/"
          },
          {
            "name": "70188",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70188"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html"
        },
        {
          "name": "61601",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61601"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536"
        },
        {
          "name": "freepbx-ariframework-code-exec(96790)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96790"
        },
        {
          "name": "41005",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41005/"
        },
        {
          "name": "70188",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70188"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-7235",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html"
            },
            {
              "name": "61601",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61601"
            },
            {
              "name": "https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836",
              "refsource": "CONFIRM",
              "url": "https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836"
            },
            {
              "name": "http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536",
              "refsource": "CONFIRM",
              "url": "http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536"
            },
            {
              "name": "freepbx-ariframework-code-exec(96790)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96790"
            },
            {
              "name": "41005",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41005/"
            },
            {
              "name": "70188",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70188"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-7235",
    "datePublished": "2014-10-07T14:00:00",
    "dateReserved": "2014-09-30T00:00:00",
    "dateUpdated": "2024-08-06T12:40:19.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-1903
Vulnerability from cvelistv5
Published
2014-02-18 11:00
Modified
2024-08-06 09:58
Summary
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:58:14.499Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl"
          },
          {
            "name": "103240",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/103240"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429"
          },
          {
            "name": "20140211 Re: Freepbx , php code execution exploit",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html"
          },
          {
            "name": "20140211 Freepbx , php code execution exploit",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://issues.freepbx.org/browse/FREEPBX-7123"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://issues.freepbx.org/browse/FREEPBX-7117"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html"
          },
          {
            "name": "20140211 [CVE-2014-1903] FreePBX 2.9 through 12 RCE",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/531040/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl"
        },
        {
          "name": "103240",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/103240"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429"
        },
        {
          "name": "20140211 Re: Freepbx , php code execution exploit",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html"
        },
        {
          "name": "20140211 Freepbx , php code execution exploit",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://issues.freepbx.org/browse/FREEPBX-7123"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://issues.freepbx.org/browse/FREEPBX-7117"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html"
        },
        {
          "name": "20140211 [CVE-2014-1903] FreePBX 2.9 through 12 RCE",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/531040/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-1903",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl",
              "refsource": "MISC",
              "url": "https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl"
            },
            {
              "name": "103240",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/103240"
            },
            {
              "name": "http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03",
              "refsource": "CONFIRM",
              "url": "http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03"
            },
            {
              "name": "http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429",
              "refsource": "CONFIRM",
              "url": "http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429"
            },
            {
              "name": "20140211 Re: Freepbx , php code execution exploit",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html"
            },
            {
              "name": "20140211 Freepbx , php code execution exploit",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html"
            },
            {
              "name": "http://issues.freepbx.org/browse/FREEPBX-7123",
              "refsource": "CONFIRM",
              "url": "http://issues.freepbx.org/browse/FREEPBX-7123"
            },
            {
              "name": "http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice",
              "refsource": "CONFIRM",
              "url": "http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice"
            },
            {
              "name": "http://issues.freepbx.org/browse/FREEPBX-7117",
              "refsource": "CONFIRM",
              "url": "http://issues.freepbx.org/browse/FREEPBX-7117"
            },
            {
              "name": "http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html"
            },
            {
              "name": "20140211 [CVE-2014-1903] FreePBX 2.9 through 12 RCE",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/531040/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-1903",
    "datePublished": "2014-02-18T11:00:00",
    "dateReserved": "2014-02-07T00:00:00",
    "dateUpdated": "2024-08-06T09:58:14.499Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-25090
Vulnerability from cvelistv5
Published
2022-12-27 12:04
Modified
2024-08-05 03:00
Summary
A vulnerability classified as problematic was found in FreePBX arimanager up to 13.0.5.3. It affects unknown functionality of the Views Handler component. Manipulation of the argument dataurl leads to cross-site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 addresses this issue. The patch is identified as 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab. Upgrading the affected component is recommended. VDB-216878 is the identifier assigned to this vulnerability.
Impacted products
Vendor Product Version
FreePBX arimanager Version: 13.0.5.0
Version: 13.0.5.1
Version: 13.0.5.2
Version: 13.0.5.3


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:00:19.156Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.216878"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.216878"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/FreePBX/arimanager/releases/tag/release%2F13.0.5.4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Views Handler"
          ],
          "product": "arimanager",
          "vendor": "FreePBX",
          "versions": [
            {
              "status": "affected",
              "version": "13.0.5.0"
            },
            {
              "status": "affected",
              "version": "13.0.5.1"
            },
            {
              "status": "affected",
              "version": "13.0.5.2"
            },
            {
              "status": "affected",
              "version": "13.0.5.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 is able to address this issue. The name of the patch is 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab. It is recommended to upgrade the affected component. VDB-216878 is the identifier assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in FreePBX arimanager bis 13.0.5.3 gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Komponente Views Handler. Mit der Manipulation des Arguments dataurl mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 13.0.5.4 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T12:04:53.087Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.216878"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.216878"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/FreePBX/arimanager/releases/tag/release%2F13.0.5.4"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2022-12-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2022-12-27T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2022-12-27T13:09:50.000Z",
          "value": "VulDB last update"
        }
      ],
      "title": "FreePBX arimanager Views cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2019-25090",
    "datePublished": "2022-12-27T12:04:53.087Z",
    "dateReserved": "2022-12-27T12:03:22.385Z",
    "dateUpdated": "2024-08-05T03:00:19.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-4869
Vulnerability from cvelistv5
Published
2012-09-06 17:00
Modified
2024-08-06 20:50
Severity ?
Summary
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:50:17.817Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "18649",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/18649"
          },
          {
            "name": "18659",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/18659"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html"
          },
          {
            "name": "20120320 FreePBX remote command execution, xss",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2012/Mar/234"
          },
          {
            "name": "48463",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48463"
          },
          {
            "name": "52630",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52630"
          },
          {
            "name": "freepbx-callmepage-command-exec(74174)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74174"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freepbx.org/trac/ticket/5711"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "18649",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/18649"
        },
        {
          "name": "18659",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/18659"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html"
        },
        {
          "name": "20120320 FreePBX remote command execution, xss",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2012/Mar/234"
        },
        {
          "name": "48463",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48463"
        },
        {
          "name": "52630",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52630"
        },
        {
          "name": "freepbx-callmepage-command-exec(74174)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74174"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freepbx.org/trac/ticket/5711"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-4869",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "18649",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/18649"
            },
            {
              "name": "18659",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/18659"
            },
            {
              "name": "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html"
            },
            {
              "name": "20120320 FreePBX remote command execution, xss",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2012/Mar/234"
            },
            {
              "name": "48463",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48463"
            },
            {
              "name": "52630",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52630"
            },
            {
              "name": "freepbx-callmepage-command-exec(74174)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74174"
            },
            {
              "name": "http://www.freepbx.org/trac/ticket/5711",
              "refsource": "CONFIRM",
              "url": "http://www.freepbx.org/trac/ticket/5711"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-4869",
    "datePublished": "2012-09-06T17:00:00",
    "dateReserved": "2012-09-06T00:00:00",
    "dateUpdated": "2024-08-06T20:50:17.817Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-19552
Vulnerability from cvelistv5
Published
2019-12-06 15:02
Modified
2024-08-05 02:16
Severity ?
Summary
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the /admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:48.089Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user\u0027s account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-06T15:02:45",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19552",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user\u0027s account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities",
              "refsource": "MISC",
              "url": "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19552",
    "datePublished": "2019-12-06T15:02:45",
    "dateReserved": "2019-12-04T00:00:00",
    "dateUpdated": "2024-08-05T02:16:48.089Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-16967
Vulnerability from cvelistv5
Published
2019-10-21 19:10
Modified
2024-08-05 01:24
Severity ?
Summary
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:48.646Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.freepbx.org/browse/FREEPBX-20436"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\\admin\\modules\\manager\\views\\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool\u0026display=manager."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-21T19:10:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.freepbx.org/browse/FREEPBX-20436"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16967",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\\admin\\modules\\manager\\views\\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool\u0026display=manager."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://issues.freepbx.org/browse/FREEPBX-20436",
              "refsource": "MISC",
              "url": "https://issues.freepbx.org/browse/FREEPBX-20436"
            },
            {
              "name": "https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372",
              "refsource": "MISC",
              "url": "https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372"
            },
            {
              "name": "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/",
              "refsource": "MISC",
              "url": "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16967",
    "datePublished": "2019-10-21T19:10:13",
    "dateReserved": "2019-09-29T00:00:00",
    "dateUpdated": "2024-08-05T01:24:48.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-6393
Vulnerability from cvelistv5
Published
2018-01-29 20:00
Modified
2024-08-05 06:01
Severity ?
Summary
FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors."
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:01:49.262Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt"
          },
          {
            "name": "102854",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102854"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can \"directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-15T07:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt"
        },
        {
          "name": "102854",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102854"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-6393",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can \"directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt",
              "refsource": "MISC",
              "url": "https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt"
            },
            {
              "name": "102854",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102854"
            },
            {
              "name": "http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html",
              "refsource": "MISC",
              "url": "http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-6393",
    "datePublished": "2018-01-29T20:00:00",
    "dateReserved": "2018-01-29T00:00:00",
    "dateUpdated": "2024-08-05T06:01:49.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-19538
Vulnerability from cvelistv5
Published
2020-03-16 20:08
Modified
2024-08-05 02:16
Severity ?
Summary
In Sangoma FreePBX 13 through 15, the sysadmin (aka System Admin) module 13.0.92 through 15.0.13.6 has a Remote Command Execution vulnerability that results in Privilege Escalation.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:48.398Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-16T20:08:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19538",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00",
              "refsource": "MISC",
              "url": "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00"
            },
            {
              "name": "https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution",
              "refsource": "CONFIRM",
              "url": "https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19538",
    "datePublished": "2020-03-16T20:08:15",
    "dateReserved": "2019-12-03T00:00:00",
    "dateUpdated": "2024-08-05T02:16:48.398Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3490
Vulnerability from cvelistv5
Published
2010-09-28 17:00
Modified
2024-08-07 03:11
Summary
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root. Because the written file lands under the web root, an admin-level web login is sufficient for remote code execution, which is how the referenced Trustwave advisory (TWSL2010-005) characterises it.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.438Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt"
          },
          {
            "name": "20100923 TWSL2010-005: FreePBX recordings interface allows remote code execution",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/513947/100/0/threaded"
          },
          {
            "name": "43454",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/43454"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.freepbx.org/trac/ticket/4553"
          },
          {
            "name": "15098",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/15098"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-09-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt"
        },
        {
          "name": "20100923 TWSL2010-005: FreePBX recordings interface allows remote code execution",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/513947/100/0/threaded"
        },
        {
          "name": "43454",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/43454"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.freepbx.org/trac/ticket/4553"
        },
        {
          "name": "15098",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/15098"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-3490",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt",
              "refsource": "MISC",
              "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt"
            },
            {
              "name": "20100923 TWSL2010-005: FreePBX recordings interface allows remote code execution",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/513947/100/0/threaded"
            },
            {
              "name": "43454",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/43454"
            },
            {
              "name": "http://www.freepbx.org/trac/ticket/4553",
              "refsource": "MISC",
              "url": "http://www.freepbx.org/trac/ticket/4553"
            },
            {
              "name": "15098",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/15098"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-3490",
    "datePublished": "2010-09-28T17:00:00",
    "dateReserved": "2010-09-23T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.438Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10666
Vulnerability from cvelistv5
Published
2021-05-31 11:40
Modified
2024-08-04 11:06
Summary
The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable that is passed into an Asterisk Manager Interface (AMI) command.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:06:10.652Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-31T11:40:41",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10666",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities",
              "refsource": "MISC",
              "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
            },
            {
              "name": "https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE",
              "refsource": "MISC",
              "url": "https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10666",
    "datePublished": "2021-05-31T11:40:41",
    "dateReserved": "2020-03-18T00:00:00",
    "dateUpdated": "2024-08-04T11:06:10.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-15891
Vulnerability from cvelistv5
Published
2019-06-20 16:35
Modified
2024-08-05 10:10
Summary
An issue was discovered in the FreePBX core module before 13.0.122.43, 14.0.18.34, and 15.0.1beta4 (the original record prints the first and last of these as 3.0.122.43 and 5.0.1beta4, evidently dropping the leading "1" from the 13.x and 15.x version strings). By crafting a request to add an Asterisk module, an attacker is able to store JavaScript in a module name; the vendor advisory referenced in this record describes it as a stored cross-site scripting (XSS) issue.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:10:06.008Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.freepbx.org/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-20T16:35:57",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.freepbx.org/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-15891",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.freepbx.org/",
              "refsource": "MISC",
              "url": "https://www.freepbx.org/"
            },
            {
              "name": "https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode",
              "refsource": "CONFIRM",
              "url": "https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-15891",
    "datePublished": "2019-06-20T16:35:57",
    "dateReserved": "2018-08-26T00:00:00",
    "dateUpdated": "2024-08-05T10:10:06.008Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-19006
Vulnerability from cvelistv5
Published
2019-11-21 17:51
Modified
2024-08-05 02:02
Summary
Sangoma FreePBX 15.0.16.26 and below (printed as 115.0.16.26 in the original record), 14.0.13.11 and below, and 13.0.197.13 and below have Incorrect Access Control; the vendor advisory referenced in this record describes it as a remote admin authentication bypass.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:02:40.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.freepbx.org/category/blog/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://pastebin.com/2CdsQMKW"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-22T15:48:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.freepbx.org/category/blog/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://pastebin.com/2CdsQMKW"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19006",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.freepbx.org/category/blog/",
              "refsource": "MISC",
              "url": "https://www.freepbx.org/category/blog/"
            },
            {
              "name": "https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass",
              "refsource": "CONFIRM",
              "url": "https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass"
            },
            {
              "name": "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772",
              "refsource": "MISC",
              "url": "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772"
            },
            {
              "name": "https://pastebin.com/2CdsQMKW",
              "refsource": "MISC",
              "url": "https://pastebin.com/2CdsQMKW"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19006",
    "datePublished": "2019-11-21T17:51:14",
    "dateReserved": "2019-11-15T00:00:00",
    "dateUpdated": "2024-08-05T02:02:40.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-19551
Vulnerability from cvelistv5
Published
2019-12-06 15:04
Modified
2024-08-05 02:16
Summary
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:47.924Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user\u0027s profile, the XSS payload will render and execute in the context of the victim user\u0027s account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-06T15:04:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19551",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user\u0027s profile, the XSS payload will render and execute in the context of the victim user\u0027s account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities",
              "refsource": "CONFIRM",
              "url": "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19551",
    "datePublished": "2019-12-06T15:04:14",
    "dateReserved": "2019-12-04T00:00:00",
    "dateUpdated": "2024-08-05T02:16:47.924Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-36630
Vulnerability from cvelistv5
Published
2022-12-25 19:20
Modified
2024-08-04 17:30
Summary
A vulnerability was found in the FreePBX cdr module 14.0. VulDB classifies it as critical, but note that the CVSS 3.1 vector supplied in this same record (AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) scores only 5.5 MEDIUM and assumes an adjacent-network attacker with low privileges. The issue is in the ajaxHandler function of ucp/Cdr.class.php (the ucp/ path suggests the User Control Panel side of the module): the limit/offset argument is not safely handled and leads to SQL injection. Upgrading to version 14.0.5.21 addresses the issue; the fixing commit is f1a9eea2dfff30fb99d825bac194a676a82b9ec8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216771.
Impacted products
Vendor Product Version
FreePBX cdr Version: 14.0


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:30:08.684Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.216771"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.216771"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/FreePBX/cdr/commit/f1a9eea2dfff30fb99d825bac194a676a82b9ec8"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/FreePBX/cdr/releases/tag/release%2F14.0.5.21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cdr",
          "vendor": "FreePBX",
          "versions": [
            {
              "status": "affected",
              "version": "14.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this issue. The name of the patch is f1a9eea2dfff30fb99d825bac194a676a82b9ec8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216771."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in FreePBX cdr 14.0 ausgemacht. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion ajaxHandler der Datei ucp/Cdr.class.php. Mittels dem Manipulieren des Arguments limit/offset mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 14.0.5.21 vermag dieses Problem zu l\u00f6sen. Der Patch wird als f1a9eea2dfff30fb99d825bac194a676a82b9ec8 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-25T19:20:13.546Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.216771"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.216771"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/FreePBX/cdr/commit/f1a9eea2dfff30fb99d825bac194a676a82b9ec8"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/FreePBX/cdr/releases/tag/release%2F14.0.5.21"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2022-12-25T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2022-12-25T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2022-12-25T20:25:10.000Z",
          "value": "VulDB last update"
        }
      ],
      "title": "FreePBX cdr Cdr.class.php ajaxHandler sql injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2020-36630",
    "datePublished": "2022-12-25T19:20:13.546Z",
    "dateReserved": "2022-12-25T19:18:53.973Z",
    "dateUpdated": "2024-08-04T17:30:08.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-4870
Vulnerability from cvelistv5
Published
2012-09-06 17:00
Modified
2024-08-06 20:50
Summary
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:50:17.985Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "18649",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/18649"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html"
          },
          {
            "name": "freepbx-multiple-xss(74173)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74173"
          },
          {
            "name": "20120320 FreePBX remote command execution, xss",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2012/Mar/234"
          },
          {
            "name": "48463",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48463"
          },
          {
            "name": "52630",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52630"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freepbx.org/trac/ticket/5711"
          },
          {
            "name": "48475",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48475"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "18649",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/18649"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html"
        },
        {
          "name": "freepbx-multiple-xss(74173)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74173"
        },
        {
          "name": "20120320 FreePBX remote command execution, xss",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2012/Mar/234"
        },
        {
          "name": "48463",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48463"
        },
        {
          "name": "52630",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52630"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freepbx.org/trac/ticket/5711"
        },
        {
          "name": "48475",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48475"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-4870",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "18649",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/18649"
            },
            {
              "name": "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html"
            },
            {
              "name": "freepbx-multiple-xss(74173)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74173"
            },
            {
              "name": "20120320 FreePBX remote command execution, xss",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2012/Mar/234"
            },
            {
              "name": "48463",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48463"
            },
            {
              "name": "52630",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52630"
            },
            {
              "name": "http://www.freepbx.org/trac/ticket/5711",
              "refsource": "CONFIRM",
              "url": "http://www.freepbx.org/trac/ticket/5711"
            },
            {
              "name": "48475",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48475"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-4870",
    "datePublished": "2012-09-06T17:00:00",
    "dateReserved": "2012-09-06T00:00:00",
    "dateUpdated": "2024-08-06T20:50:17.985Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-19852
Vulnerability from cvelistv5
Published
2020-03-16 20:36
Modified
2024-08-05 02:25
Summary
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:25:12.896Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Call+Event+Logging+module"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-16T20:36:44",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Call+Event+Logging+module"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19852",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities",
              "refsource": "MISC",
              "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
            },
            {
              "name": "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Call+Event+Logging+module",
              "refsource": "CONFIRM",
              "url": "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Call+Event+Logging+module"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19852",
    "datePublished": "2020-03-16T20:36:44",
    "dateReserved": "2019-12-17T00:00:00",
    "dateUpdated": "2024-08-05T02:25:12.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1802
Vulnerability from cvelistv5
Published
2009-05-28 14:00
Modified
2024-09-17 00:26
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.
References
http://osvdb.org/54262vdb-entry, x_refsource_OSVDB
http://freepbx.org/trac/ticket/3660x_refsource_CONFIRM
http://secunia.com/advisories/34772third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/34857vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:27:54.653Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "54262",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/54262"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freepbx.org/trac/ticket/3660"
          },
          {
            "name": "34772",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34772"
          },
          {
            "name": "34857",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34857"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-05-28T14:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "54262",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/54262"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freepbx.org/trac/ticket/3660"
        },
        {
          "name": "34772",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34772"
        },
        {
          "name": "34857",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34857"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1802",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "54262",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/54262"
            },
            {
              "name": "http://freepbx.org/trac/ticket/3660",
              "refsource": "CONFIRM",
              "url": "http://freepbx.org/trac/ticket/3660"
            },
            {
              "name": "34772",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34772"
            },
            {
              "name": "34857",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34857"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1802",
    "datePublished": "2009-05-28T14:00:00Z",
    "dateReserved": "2009-05-28T00:00:00Z",
    "dateUpdated": "2024-09-17T00:26:13.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-19615
Vulnerability from cvelistv5
Published
2020-03-16 20:27
Modified
2024-08-05 02:25
Summary
Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user's account.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:25:11.504Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.freepbx.org/pages/viewpage.action?pageId=175177911"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple XSS vulnerabilities exist in the Backup \u0026 Restore module \\ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user\u0027s account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-16T20:27:42",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.freepbx.org/pages/viewpage.action?pageId=175177911"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19615",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple XSS vulnerabilities exist in the Backup \u0026 Restore module \\ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user\u0027s account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities",
              "refsource": "MISC",
              "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
            },
            {
              "name": "https://wiki.freepbx.org/pages/viewpage.action?pageId=175177911",
              "refsource": "CONFIRM",
              "url": "https://wiki.freepbx.org/pages/viewpage.action?pageId=175177911"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19615",
    "datePublished": "2020-03-16T20:27:42",
    "dateReserved": "2019-12-06T00:00:00",
    "dateUpdated": "2024-08-05T02:25:11.504Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-19851
Vulnerability from cvelistv5
Published
2020-03-16 15:07
Modified
2024-08-05 02:25
Summary
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:25:12.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-16T15:07:37",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19851",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities",
              "refsource": "MISC",
              "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
            },
            {
              "name": "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module",
              "refsource": "CONFIRM",
              "url": "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19851",
    "datePublished": "2020-03-16T15:07:37",
    "dateReserved": "2019-12-17T00:00:00",
    "dateUpdated": "2024-08-05T02:25:12.703Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1801
Vulnerability from cvelistv5
Published
2009-05-28 14:00
Modified
2024-08-07 05:27
Summary
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/50361 — vdb-entry, x_refsource_XF
http://osvdb.org/54260 — vdb-entry, x_refsource_OSVDB
http://osvdb.org/54261 — vdb-entry, x_refsource_OSVDB
http://freepbx.org/trac/ticket/3660 — x_refsource_CONFIRM
http://secunia.com/advisories/34772 — third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/34857 — vdb-entry, x_refsource_BID
http://osvdb.org/54259 — vdb-entry, x_refsource_OSVDB
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:27:54.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "freepbx-reports-xss(50361)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50361"
          },
          {
            "name": "54260",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/54260"
          },
          {
            "name": "54261",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/54261"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freepbx.org/trac/ticket/3660"
          },
          {
            "name": "34772",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34772"
          },
          {
            "name": "34857",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34857"
          },
          {
            "name": "54259",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/54259"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "freepbx-reports-xss(50361)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50361"
        },
        {
          "name": "54260",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/54260"
        },
        {
          "name": "54261",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/54261"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freepbx.org/trac/ticket/3660"
        },
        {
          "name": "34772",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34772"
        },
        {
          "name": "34857",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34857"
        },
        {
          "name": "54259",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/54259"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1801",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "freepbx-reports-xss(50361)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50361"
            },
            {
              "name": "54260",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/54260"
            },
            {
              "name": "54261",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/54261"
            },
            {
              "name": "http://freepbx.org/trac/ticket/3660",
              "refsource": "CONFIRM",
              "url": "http://freepbx.org/trac/ticket/3660"
            },
            {
              "name": "34772",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34772"
            },
            {
              "name": "34857",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34857"
            },
            {
              "name": "54259",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/54259"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1801",
    "datePublished": "2009-05-28T14:00:00",
    "dateReserved": "2009-05-28T00:00:00",
    "dateUpdated": "2024-08-07T05:27:54.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-45461
Vulnerability from cvelistv5
Published
2021-12-22 18:25
Modified
2024-08-04 04:39
Summary
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:39:21.082Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.freepbx.org/t/0-day-freepbx-exploit/80092"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-22T18:25:54",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.freepbx.org/t/0-day-freepbx-exploit/80092"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-45461",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.freepbx.org/t/0-day-freepbx-exploit/80092",
              "refsource": "MISC",
              "url": "https://community.freepbx.org/t/0-day-freepbx-exploit/80092"
            },
            {
              "name": "https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109",
              "refsource": "CONFIRM",
              "url": "https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109"
            },
            {
              "name": "https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE",
              "refsource": "CONFIRM",
              "url": "https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-45461",
    "datePublished": "2021-12-22T18:25:54",
    "dateReserved": "2021-12-22T00:00:00",
    "dateUpdated": "2024-08-04T04:39:21.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-53564
Vulnerability from cvelistv5
Published
2024-12-02 00:00
Modified
2025-01-14 16:41
Summary
A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege administrators are intentionally allowed to do.
Impacted products
Vendor Product Version
Sangoma FreePBX Version: 17.0.19.17


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:coalescent_systems:freepbx:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "freepbx",
            "vendor": "coalescent_systems",
            "versions": [
              {
                "status": "affected",
                "version": "v17.0.19.17"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-53564",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T16:40:44.891089Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T16:41:16.578Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "FreePBX",
          "vendor": "Sangoma",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.19.17",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "17.0.19.17",
                  "versionStartIncluding": "17.0.19.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier\u0027s position is that there is no risk beyond what high-privilege administrators are intentionally allowed to do."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T00:01:33.346930Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gist.github.com/hyp164D1/490732de230edf97423f6d95b0d2f903"
        },
        {
          "url": "https://gist.github.com/hyp164D1/d419bdf3e7e352088a21631d0f452a8c"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-53564",
    "datePublished": "2024-12-02T00:00:00",
    "dateReserved": "2024-11-20T00:00:00",
    "dateUpdated": "2025-01-14T16:41:16.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-16966
Vulnerability from cvelistv5
Published
2019-10-21 18:57
Modified
2024-08-05 01:24
Summary
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:48.665Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.freepbx.org/browse/FREEPBX-20437"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\\admin\\modules\\contactmanager\\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-21T18:57:44",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.freepbx.org/browse/FREEPBX-20437"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16966",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\\admin\\modules\\contactmanager\\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://issues.freepbx.org/browse/FREEPBX-20437",
              "refsource": "MISC",
              "url": "https://issues.freepbx.org/browse/FREEPBX-20437"
            },
            {
              "name": "https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633",
              "refsource": "MISC",
              "url": "https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633"
            },
            {
              "name": "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/",
              "refsource": "MISC",
              "url": "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16966",
    "datePublished": "2019-10-21T18:57:44",
    "dateReserved": "2019-09-29T00:00:00",
    "dateUpdated": "2024-08-05T01:24:48.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-43336
Vulnerability from cvelistv5
Published
2023-11-02 00:00
Modified
2024-09-17 13:14
Summary
Sangoma Technologies FreePBX was discovered to contain an access control issue (classified by the CISA ADP as CWE-284, Improper Access Control): a user-supplied extension parameter is trusted, so modifying its value — e.g., changing extension=self to extension=101 — apparently grants access to data belonging to another extension. Fixed in cdr 15.0.18 and 16.0.40; the record also lists fixed versions 15.0.16 and 16.0.17 without naming the module they belong to.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:37:23.459Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://freepbx.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://sangoma.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-43336",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-05T20:22:15.863608Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T13:14:25.445Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-02T11:14:43.302602",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "http://freepbx.com"
        },
        {
          "url": "http://sangoma.com"
        },
        {
          "url": "https://medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-43336",
    "datePublished": "2023-11-02T00:00:00",
    "dateReserved": "2023-09-18T00:00:00",
    "dateUpdated": "2024-09-17T13:14:25.445Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2021-05-31 12:15
Modified
2024-11-21 04:55
Summary
The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.
Impacted products
Vendor Product Version
sangoma restapps *
sangoma restapps *
sangoma restapps *
sangoma freepbx -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:restapps:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4EE6D96-B897-490A-AD2D-85FA89A6399F",
              "versionEndIncluding": "13.0.93.2",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:restapps:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCEBAA67-50C0-4A91-8707-2FB3B1981B9D",
              "versionEndIncluding": "14.0.22.2",
              "versionStartIncluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:restapps:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "725A46EC-3F07-4811-9E90-8CD61316A980",
              "versionEndIncluding": "15.0.19.2",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56F9D7C9-4F22-4BB6-9F17-CE0DFC2CD659",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo restapps (tambi\u00e9n se conoce como aplicaciones Rest Phone) para Sangoma FreePBX y PBXact versiones 13, 14 y 15 hasta 15.0.19.2, permite una ejecuci\u00f3n de c\u00f3digo remota por medio de una variable URL en un comando AMI"
    }
  ],
  "id": "CVE-2020-10666",
  "lastModified": "2024-11-21T04:55:48.163",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-31T12:15:08.717",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-10-21 19:15
Modified
2024-11-21 04:31
Summary
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freepbx:contactmanager:*:*:*:*:*:freepbx:*:*",
              "matchCriteriaId": "59979723-3B4E-45EA-BD04-E25E9A8BACEE",
              "versionEndExcluding": "13.0.45.3",
              "versionStartIncluding": "13.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:contactmanager:*:*:*:*:*:freepbx:*:*",
              "matchCriteriaId": "B7EF4F25-9015-499C-8265-4119AA15CA44",
              "versionEndExcluding": "14.0.5.12",
              "versionStartIncluding": "14.0.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:contactmanager:*:*:*:*:*:freepbx:*:*",
              "matchCriteriaId": "FE24C29C-53AE-4746-B742-15A5A7E8B57A",
              "versionEndExcluding": "15.0.8.21",
              "versionStartIncluding": "15.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:contactmanager:13.0.0:beta1:*:*:*:freepbx:*:*",
              "matchCriteriaId": "458222C4-7AF6-4D74-98E3-CC0C308B6085",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:contactmanager:13.0.0:beta2:*:*:*:freepbx:*:*",
              "matchCriteriaId": "8968630F-6F4F-47FF-AD3E-6AC121597791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:contactmanager:13.0.0:beta3:*:*:*:freepbx:*:*",
              "matchCriteriaId": "E087BBAD-8491-4E67-B6FF-3481D9746463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:contactmanager:13.0.0:beta4:*:*:*:freepbx:*:*",
              "matchCriteriaId": "E82BD63A-259A-4F71-B5B6-DC8BA24412E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:contactmanager:13.0.0:beta5:*:*:*:freepbx:*:*",
              "matchCriteriaId": "B844666B-D752-4018-A795-42223B50E7CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:contactmanager:14.0.1:-:*:*:*:freepbx:*:*",
              "matchCriteriaId": "2FDA6DD1-E454-4B35-8B3A-F9897C709A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:contactmanager:14.0.1:alpha1:*:*:*:freepbx:*:*",
              "matchCriteriaId": "29E6AFB9-B604-418F-9521-5827F1483D76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:contactmanager:14.0.1:alpha2:*:*:*:freepbx:*:*",
              "matchCriteriaId": "8B0541CE-673E-4DE8-8319-61EA95756BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:contactmanager:14.0.1:beta1:*:*:*:freepbx:*:*",
              "matchCriteriaId": "697B337D-3DD3-484D-8AAF-11596EE5A05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:contactmanager:14.0.1:beta2:*:*:*:freepbx:*:*",
              "matchCriteriaId": "18ABD7D8-B6E9-4877-883B-B8932FC9D5ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:contactmanager:14.0.1:beta3:*:*:*:freepbx:*:*",
              "matchCriteriaId": "FA5D2378-F16E-485C-85EC-46F26A01A475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:14.0.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE03D797-BB0A-4820-922B-53B35B546259",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\\admin\\modules\\contactmanager\\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Contactmanager versiones 13.x anteriores a 13.0.45.3, versiones 14.x anteriores a 14.0.5.12 y versiones 15.x anteriores a 15.0.8.21 para FreePBX versi\u00f3n 14.0.10.3. En la clase Contactmanager (archivo html\\admin\\modules\\contactmanager\\Contactmanager.class.php), una variable group no saneada que proviene de la URL es reflejada en HTML en 2 ocasiones, conllevando a una vulnerabilidad de tipo XSS. Que puede ser solicitada mediante una petici\u00f3n GET en /admin/ajax.php?module=contactmanager."
    }
  ],
  "id": "CVE-2019-16966",
  "lastModified": "2024-11-21T04:31:26.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-21T19:15:11.030",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.freepbx.org/browse/FREEPBX-20437"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.freepbx.org/browse/FREEPBX-20437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-12-27 13:15
Modified
2024-11-21 04:39
Summary
A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 is able to address this issue. The name of the patch is 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab. It is recommended to upgrade the affected component. VDB-216878 is the identifier assigned to this vulnerability.
Impacted products
Vendor Product Version
sangoma freepbx *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB2704E-CFB4-45D4-81FC-FB9B968FA495",
              "versionEndExcluding": "13.0.5.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 is able to address this issue. The name of the patch is 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab. It is recommended to upgrade the affected component. VDB-216878 is the identifier assigned to this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad fue encontrada en FreePBX arimanager hasta 13.0.5.3 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Views Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento dataurl conduce a Cross-Site Scripting. El ataque puede lanzarse de forma remota. La actualizaci\u00f3n a la versi\u00f3n 13.0.5.4 puede solucionar este problema. El nombre del parche es 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab. Se recomienda actualizar el componente afectado. VDB-216878 es el identificador asignado a esta vulnerabilidad."
    }
  ],
  "id": "CVE-2019-25090",
  "lastModified": "2024-11-21T04:39:54.950",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 1.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-27T13:15:10.703",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreePBX/arimanager/releases/tag/release%2F13.0.5.4"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?ctiid.216878"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?id.216878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreePBX/arimanager/releases/tag/release%2F13.0.5.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?ctiid.216878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?id.216878"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-16 21:15
Modified
2024-11-21 04:34
Summary
Sangoma FreePBX 13 through 15 and the sysadmin (aka System Admin) module 13.0.92 through 15.0.13.6 have a Remote Command Execution vulnerability that results in Privilege Escalation.
Impacted products
Vendor Product Version
sangoma freepbx *
sangoma freepbx *
sangoma freepbx *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB8701B6-805C-433E-8FA7-1F3EF62CA458",
              "versionEndExcluding": "13.0.92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFE34EBC-5800-4DAA-A12D-40E058D3320E",
              "versionEndExcluding": "14.0.38.3",
              "versionStartIncluding": "14.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E34FF5E3-F82D-4090-9BDE-46F0AA668B4B",
              "versionEndExcluding": "15.0.13.6",
              "versionStartIncluding": "15.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation."
    },
    {
      "lang": "es",
      "value": "En Sangoma, los m\u00f3dulos FreePBX versiones 13 hasta 15 y sysadmin versiones 13.0.92 hasta 15.0.13.6 (tambi\u00e9n se conoce como System Admin), presentan una vulnerabilidad de Ejecuci\u00f3n de Comandos Remota que resulta en una Escalada de Privilegios."
    }
  ],
  "id": "CVE-2019-19538",
  "lastModified": "2024-11-21T04:34:55.623",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-16T21:15:12.060",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-12-25 20:15
Modified
2024-11-21 05:29
Summary
A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this issue. The name of the patch is f1a9eea2dfff30fb99d825bac194a676a82b9ec8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216771.
Impacted products
Vendor Product Version
sangoma freepbx *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DF249FA-1F7D-4B99-AA29-FEEDE1D78861",
              "versionEndExcluding": "14.0.5.21",
              "versionStartIncluding": "14.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this issue. The name of the patch is f1a9eea2dfff30fb99d825bac194a676a82b9ec8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216771."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una vulnerabilidad en FreePBX cdr 14.0. Ha sido clasificada como cr\u00edtica. Esto afecta a la funci\u00f3n ajaxHandler del archivo ucp/Cdr.class.php. La manipulaci\u00f3n del l\u00edmite/desplazamiento del argumento conduce a la inyecci\u00f3n de SQL. La actualizaci\u00f3n a la versi\u00f3n 14.0.5.21 puede solucionar este problema. El nombre del parche es f1a9eea2dfff30fb99d825bac194a676a82b9ec8. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-216771."
    }
  ],
  "id": "CVE-2020-36630",
  "lastModified": "2024-11-21T05:29:56.250",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-25T20:15:25.100",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreePBX/cdr/commit/f1a9eea2dfff30fb99d825bac194a676a82b9ec8"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreePBX/cdr/releases/tag/release%2F14.0.5.21"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?ctiid.216771"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?id.216771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreePBX/cdr/commit/f1a9eea2dfff30fb99d825bac194a676a82b9ec8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreePBX/cdr/releases/tag/release%2F14.0.5.21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?ctiid.216771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?id.216771"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-16 21:15
Modified
2024-11-21 04:35
Summary
Multiple XSS vulnerabilities exist in the Backup & Restore module v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload renders and executes in the context of the victim user's account.
Impacted products
Vendor Product Version
sangoma freepbx *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7E2C532-4435-4E8B-A882-E7F9CEBCE5F5",
              "versionEndIncluding": "14.0.10.7",
              "versionStartIncluding": "14.0.10.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple XSS vulnerabilities exist in the Backup \u0026 Restore module \\ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user\u0027s account."
    },
    {
      "lang": "es",
      "value": "Se presentan m\u00faltiples vulnerabilidades XSS en el m\u00f3dulo Backup \u0026amp; Restore \\ versiones v14.0.10.2 hasta v14.0.10.7 para FreePBX, como se muestra en /admin/config.php?display=backup en el sitio web FreePBX Administrator. Un atacante puede modificar el par\u00e1metro id de la pantalla de configuraci\u00f3n de copia de seguridad e insertar c\u00f3digo XSS malicioso por medio de un enlace. Cuando otro usuario (como un administrador) hace clic sobre el enlace, la carga \u00fatil de XSS se renderizar\u00e1 y ejecutar\u00e1 en el contexto de la cuenta del usuario v\u00edctima."
    }
  ],
  "id": "CVE-2019-19615",
  "lastModified": "2024-11-21T04:35:03.987",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-16T21:15:12.327",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/pages/viewpage.action?pageId=175177911"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/pages/viewpage.action?pageId=175177911"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-10-21 20:15
Modified
2024-11-21 04:31
Summary
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6, and in FreePBX before 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be triggered via a GET request to /config.php?type=tool&display=manager.
Impacted products
Vendor Product Version
freepbx manager *
freepbx manager *
freepbx manager 13.0.1
sangoma freepbx *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freepbx:manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED37131-8990-48EF-A4B1-7B612DB29C5C",
              "versionEndExcluding": "13.0.2.6",
              "versionStartIncluding": "13.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B589D89-2766-4650-A731-C8664ABADAC0",
              "versionEndExcluding": "15.0.6",
              "versionStartIncluding": "15.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:manager:13.0.1:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "18119454-234A-476B-9145-883E13727510",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0451B14C-368A-4C87-A92F-609067382EA8",
              "versionEndExcluding": "14.0.10.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\\admin\\modules\\manager\\views\\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool\u0026display=manager."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Manager versiones 13.x anteriores a 13.0.2.6 y versiones 15.x anteriores a 15.0.6 antes del FreePBX versi\u00f3n 14.0.10.3. En el formulario module de Manager (archivo html\\admin\\modules\\manager\\views\\form.php), una variable managerdisplay no saneada que proviene de la URL es reflejada en HTML, conllevando a una vulnerabilidad de tipo XSS. Que puede ser solicitada mediante una petici\u00f3n GET en /config.php?type=tool\u0026amp;display=manager."
    }
  ],
  "id": "CVE-2019-16967",
  "lastModified": "2024-11-21T04:31:26.313",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-21T20:15:10.883",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://issues.freepbx.org/browse/FREEPBX-20436"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://issues.freepbx.org/browse/FREEPBX-20436"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-11-02 12:15
Modified
2024-11-21 08:24
Summary
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
Impacted products
Vendor Product Version
sangoma freepbx *
sangoma freepbx *
sangoma freepbx *
sangoma freepbx *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "67A2BA00-D508-4A51-A615-13C9E00722EC",
              "versionEndExcluding": "15.0.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FCF3B9C-F378-41AB-9A2B-B7463ADE57D2",
              "versionEndExcluding": "16.0.17",
              "versionStartIncluding": "16.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5211D126-B9A2-4834-898C-90EB8AEFFF15",
              "versionEndExcluding": "15.0.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6922607E-29FD-4DFA-9E61-C7C2A134F7F1",
              "versionEndExcluding": "16.0.40",
              "versionStartIncluding": "16.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 que Sangoma Technologies FreePBX anterior a cdr 15.0.18, 16.0.40, 15.0.16 y 16.0.17 conten\u00eda un problema de control de acceso a trav\u00e9s de un valor de par\u00e1metro modificado, por ejemplo, cambiando extensi\u00f3n=self a extensi\u00f3n=101."
    }
  ],
  "id": "CVE-2023-43336",
  "lastModified": "2024-11-21T08:24:00.480",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-02T12:15:09.673",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "http://freepbx.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "http://sangoma.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "http://freepbx.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "http://sangoma.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-12-06 16:15
Modified
2024-11-21 04:34
Summary
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the /admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account.
Impacted products
Vendor Product Version
sangoma freepbx *
sangoma freepbx *
sangoma freepbx *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59469524-BCC0-4BBE-BB19-2B0D8ADC233C",
              "versionEndIncluding": "13.0.76.43",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63535AD2-3440-4734-A0A7-E27031192C01",
              "versionEndIncluding": "14.0.7",
              "versionStartIncluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEEE7AED-E091-4D51-B1CD-79AAD5E7F4A1",
              "versionEndIncluding": "15.0.20",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user\u0027s account."
    },
    {
      "lang": "es",
      "value": "En userman versiones 13.0.76.43 hasta 15.0.20 en Sangoma FreePBX, se presenta una vulnerabilidad de tipo XSS en la pantalla de administraci\u00f3n de usuarios del sitio web del Administrador, es decir, el URI /admin/config.php?display=userman. Un atacante con privilegios suficientes puede editar el Display Name de un usuario e insertar c\u00f3digo XSS malicioso. Cuando otro usuario (como un administrador) visita la pantalla User Management principal, la carga XSS ser\u00e1 renderizada y ejecutada en el contexto de la cuenta del usuario v\u00edctima."
    }
  ],
  "id": "CVE-2019-19552",
  "lastModified": "2024-11-21T04:34:57.273",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-06T16:15:11.107",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-05-28 14:30
Modified
2024-11-21 01:03
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.
Impacted products
Vendor Product Version
freepbx freepbx 2.4
freepbx freepbx 2.4.0_beta1
freepbx freepbx 2.4.0_beta2
freepbx freepbx 2.4.1
freepbx freepbx 2.5
freepbx freepbx 2.5.0_beta1
freepbx freepbx 2.5.0rc2
freepbx freepbx 2.5.0rc3
freepbx freepbx 2.5.1
freepbx freepbx 2.5.2
sangoma freepbx 2.4.0
sangoma freepbx 2.5.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "455E97D6-B069-49D6-B510-3D4112A9E1B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.4.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1E1278-3114-4BD1-B589-30B5313C9502",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.4.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "32D216B0-31D6-4288-8773-FB2438944492",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A09E3F0-E1A6-4CC4-8134-89DF5DB6EA3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B2C1156-93B6-4D71-8D9C-ED6FC6C0AE74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11ACC1C9-A2C3-41CA-B608-C474B642A380",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.0rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8A021AB-A142-4DAD-9EB0-2352C625D8CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.0rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C0B173F-2161-4E40-A712-90DA6B997820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "613A39A4-976E-4535-9408-533F957F7F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5B657C6-A2DF-432A-9F46-1157C630CB20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9734B50E-BEA8-41DF-835F-7B15A9BB31E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9645D4F-BB03-49AD-AE79-6FE990BF18FE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en FreePBX 2.5.1, y otros 2.4.x, 2.5.x, y versiones pre-lanzamiento 2.6.x, permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores en peticiones que crean una nueva cuenta de administrador o tener otros impactos no especificados."
    }
  ],
  "id": "CVE-2009-1802",
  "lastModified": "2024-11-21T01:03:24.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-05-28T14:30:00.377",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://freepbx.org/trac/ticket/3660"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/54262"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34772"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://freepbx.org/trac/ticket/3660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34857"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-05-28 14:30
Modified
2024-11-21 01:03
Summary
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Impacted products
Vendor Product Version
freepbx freepbx 2.4
freepbx freepbx 2.4.0_beta1
freepbx freepbx 2.4.0_beta2
freepbx freepbx 2.4.1
freepbx freepbx 2.5
freepbx freepbx 2.5.0_beta1
freepbx freepbx 2.5.0rc2
freepbx freepbx 2.5.0rc3
freepbx freepbx 2.5.1
freepbx freepbx 2.5.2
sangoma freepbx 2.4.0
sangoma freepbx 2.5.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "455E97D6-B069-49D6-B510-3D4112A9E1B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.4.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1E1278-3114-4BD1-B589-30B5313C9502",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.4.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "32D216B0-31D6-4288-8773-FB2438944492",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A09E3F0-E1A6-4CC4-8134-89DF5DB6EA3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B2C1156-93B6-4D71-8D9C-ED6FC6C0AE74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11ACC1C9-A2C3-41CA-B608-C474B642A380",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.0rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8A021AB-A142-4DAD-9EB0-2352C625D8CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.0rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C0B173F-2161-4E40-A712-90DA6B997820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "613A39A4-976E-4535-9408-533F957F7F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5B657C6-A2DF-432A-9F46-1157C630CB20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9734B50E-BEA8-41DF-835F-7B15A9BB31E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9645D4F-BB03-49AD-AE79-6FE990BF18FE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
    },
    {
      "lang": "es",
      "value": "FreePBX v2.5.1, v2.4.x, v2.5.x, y pre-release v2.6.x, genera distintos errores tras intentos de login fallidos dependiendo de si la cuenta de usuario existe o no, lo que permite a atacantes remotos listar nombres de usuarios v\u00e1alidos."
    }
  ],
  "id": "CVE-2009-1803",
  "lastModified": "2024-11-21T01:03:24.990",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-05-28T14:30:00.390",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://freepbx.org/trac/ticket/3660"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34772"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/54263"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://freepbx.org/trac/ticket/3660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/54263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34857"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-06 17:55
Modified
2024-11-21 01:43
Summary
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.
Impacted products
Vendor Product Version
sangoma freepbx *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07ACFC02-9307-4566-94F4-27D8991719CA",
              "versionEndIncluding": "2.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en FreePBX v2.9 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro de contexto (1) al panel/index_amp.php o (2) Panel/dhtml/index.php, (3) CLID o (4) par\u00e1metros clidname al panel/flash/mypage.php, (5) PATH_INFO para admin/views/freepbx_reload.php, o (6) par\u00e1metro login/index.php a las grabaciones."
    }
  ],
  "id": "CVE-2012-4870",
  "lastModified": "2024-11-21T01:43:38.883",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-06T17:55:02.377",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2012/Mar/234"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48463"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48475"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18649"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.freepbx.org/trac/ticket/5711"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/52630"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2012/Mar/234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18649"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.freepbx.org/trac/ticket/5711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/52630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74173"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-29 20:29
Modified
2024-11-21 04:10
Summary
FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors."
Impacted products
Vendor Product Version
sangoma freepbx 10.13.66
sangoma freepbx 14.0.1.24



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:10.13.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAB14472-7F62-4AF7-9F83-07CCBA731757",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:14.0.1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "476EBCD5-7032-4453-8C67-9693A57B7F30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can \"directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors."
    },
    {
      "lang": "es",
      "value": "** EN DISPUTA ** FreePBX 10.13.66-32bit y 14.0.1.24 (SNG7-PBX-64bit-1712-2) permite inyecci\u00f3n SQL de posautenticaci\u00f3n mediante el par\u00e1metro order. NOTA: el vendedor discute este problema porque es intencional que un usuario pueda \"modificar directamente las tablas SQL...\". [o] ejecutar scripts shell .... una vez .... conectados a la interfaz de administraci\u00f3n; no hay necesidad de intentar encontrar errores de validaci\u00f3n de entrada\"."
    }
  ],
  "id": "CVE-2018-6393",
  "lastModified": "2024-11-21T04:10:37.537",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-29T20:29:00.420",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102854"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-20 17:15
Modified
2024-11-21 03:51
Summary
An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name. [Note: the first and last version numbers in this summary appear truncated; the cpeMatch data for this record gives the affected ranges as before 13.0.122.43, 14.0.0 up to (excluding) 14.0.18.34, and 15.0.0 through 15.0.1 including 15.0.1 beta4.]
Impacted products
Vendor Product Version
freepbx freepbx 15.0.1
sangoma freepbx *
sangoma freepbx *
sangoma freepbx *
sangoma freepbx 15.0.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:15.0.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "31CDB8E8-DDC5-4FD0-B92F-0CE8B546728D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B5E032A-03FF-4A60-954C-87D87041C8A4",
              "versionEndExcluding": "13.0.122.43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E09C7941-32F4-4FE8-8CC7-2A5C1B79B562",
              "versionEndExcluding": "14.0.18.34",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CC65822-E00B-46C8-A7EF-C226C5B14FAE",
              "versionEndIncluding": "15.0.1",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:15.0.1:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "7A84BC1D-AB54-4019-B2CF-C0928AD318FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name."
    },
    {
      "lang": "es",
      "value": "Se detecto un problema en el n\u00facleo de FreePBX antes de la versi\u00f3n 3.0.122.43, 14.0.18.34 y 5.0.1beta4. Al crear una solicitud para agregar m\u00f3dulos de Asterisk, un atacante puede almacenar comandos de JavaScript en el nombre de un m\u00f3dulo."
    }
  ],
  "id": "CVE-2018-15891",
  "lastModified": "2024-11-21T03:51:39.537",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-20T17:15:09.847",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://www.freepbx.org/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.freepbx.org/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-12-06 16:15
Modified
2024-11-21 04:34
Summary
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account.
Impacted products
Vendor Product Version
sangoma freepbx *
sangoma freepbx *
sangoma freepbx *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59469524-BCC0-4BBE-BB19-2B0D8ADC233C",
              "versionEndIncluding": "13.0.76.43",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63535AD2-3440-4734-A0A7-E27031192C01",
              "versionEndIncluding": "14.0.7",
              "versionStartIncluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEEE7AED-E091-4D51-B1CD-79AAD5E7F4A1",
              "versionEndIncluding": "15.0.20",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user\u0027s profile, the XSS payload will render and execute in the context of the victim user\u0027s account."
    },
    {
      "lang": "es",
      "value": "En userman versiones 13.0.76.43 hasta 15.0.20 en Sangoma FreePBX, se presenta una vulnerabilidad de tipo XSS en la pantalla User Management del sitio web del Administrador. Un atacante con acceso a la aplicaci\u00f3n User Control Panel puede enviar valores maliciosos en algunos de los campos time/date formatting y time-zone. Estos campos no se est\u00e1n saneando apropiadamente. Si esto se hace y un usuario (como un administrador) visita la pantalla User Management y visualiza el perfil de ese usuario, la carga \u00fatil de XSS ser\u00e1 renderizada y ejecutada en el contexto de la cuenta del usuario v\u00edctima."
    }
  ],
  "id": "CVE-2019-19551",
  "lastModified": "2024-11-21T04:34:57.130",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-06T16:15:11.030",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-16 21:15
Modified
2024-11-21 04:35
Summary
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4.
Impacted products
Vendor Product Version
sangoma freepbx *
sangoma freepbx *
sangoma freepbx *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67046E2-B151-45A7-933E-7A985408AAA8",
              "versionEndIncluding": "13.0.26.9",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7EDADFC-4863-4DA9-B10D-B440CAED8A04",
              "versionEndIncluding": "14.0.2.14",
              "versionStartIncluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C07E54-5668-44EB-B771-2BA6F3A08B0D",
              "versionEndIncluding": "15.0.15.4",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de Inyecci\u00f3n XSS en Sangoma FreePBX y PBXact versiones 13, 14 y 15 dentro de la pantalla de reporte Call Event Logging en el m\u00f3dulo cel en el URI admin/config.php?display=cel por medio de campos de fecha. Esto afecta cel versiones hasta 13.0.26.9, versiones 14.x hasta 14.0.2.14 y versiones 15.x hasta 15.0.15.4."
    }
  ],
  "id": "CVE-2019-19852",
  "lastModified": "2024-11-21T04:35:32.000",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-16T21:15:12.390",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Call+Event+Logging+module"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Call+Event+Logging+module"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-16 16:15
Modified
2024-11-21 04:35
Summary
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20.
Impacted products
Vendor Product Version
sangoma freepbx *
sangoma freepbx *
sangoma freepbx *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A94B1A93-DE5D-4EDD-8687-EDF03FBEF37B",
              "versionEndIncluding": "13.0.4.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA6A2345-CC98-477D-9CEF-1202FA8BE9B5",
              "versionEndIncluding": "14.0.24",
              "versionStartIncluding": "14.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D1EE583-94CD-44CC-9B8D-56F31E48CB5B",
              "versionEndIncluding": "15.0.2.20",
              "versionStartIncluding": "15.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de Inyecci\u00f3n de XSS en Sangoma FreePBX y PBXact versiones 13, 14 y 15, dentro de la p\u00e1gina Debug/Test del m\u00f3dulo Superfecta en el URI admin/config.php?display=superfecta. Esto afecta a Superfecta versiones hasta 13.0.4.7, versiones 14.x hasta 14.0.24 y versiones 15.x hasta 15.0.2.20."
    }
  ],
  "id": "CVE-2019-19851",
  "lastModified": "2024-11-21T04:35:31.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-16T16:15:12.110",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-05-28 14:30
Modified
2024-11-21 01:03
Summary
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information.
Impacted products
Vendor Product Version
freepbx freepbx 2.4
freepbx freepbx 2.4.0_beta1
freepbx freepbx 2.4.0_beta2
freepbx freepbx 2.4.1
freepbx freepbx 2.5.0_beta1
freepbx freepbx 2.5.0rc2
freepbx freepbx 2.5.0rc3
freepbx freepbx 2.5.1
freepbx freepbx 2.5.2
sangoma freepbx 2.4.0
sangoma freepbx 2.5.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "455E97D6-B069-49D6-B510-3D4112A9E1B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.4.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1E1278-3114-4BD1-B589-30B5313C9502",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.4.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "32D216B0-31D6-4288-8773-FB2438944492",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A09E3F0-E1A6-4CC4-8134-89DF5DB6EA3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11ACC1C9-A2C3-41CA-B608-C474B642A380",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.0rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8A021AB-A142-4DAD-9EB0-2352C625D8CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.0rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C0B173F-2161-4E40-A712-90DA6B997820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "613A39A4-976E-4535-9408-533F957F7F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5B657C6-A2DF-432A-9F46-1157C630CB20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9734B50E-BEA8-41DF-835F-7B15A9BB31E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9645D4F-BB03-49AD-AE79-6FE990BF18FE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados(XSS) en FreePBX v2.5.1, y otras v2.4.x, v2.5.x, y versiones pre-release v2.6.x, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s (1) del par\u00e1metro display a reports.php, (2) el order y (3) el par\u00e1metro extdisplay a config.php, y (4) el par\u00e1metro sort a recordings/index.php. NOTA: algunos de estos detalles han sido obtenidos a partir de terceros."
    }
  ],
  "id": "CVE-2009-1801",
  "lastModified": "2024-11-21T01:03:24.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-05-28T14:30:00.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://freepbx.org/trac/ticket/3660"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/54259"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/54260"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/54261"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34772"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34857"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://freepbx.org/trac/ticket/3660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50361"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-10-07 14:55
Modified
2024-11-21 02:16
Summary
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
Impacted products
Vendor Product Version
freepbx freepbx 2.10.0.0
freepbx freepbx 2.10.0.1
freepbx freepbx 2.10.0.2
freepbx freepbx 2.10.0.3
freepbx freepbx 2.10.0.4
freepbx freepbx 2.10.0.5
freepbx freepbx 2.10.0.6
freepbx freepbx 2.10.0.7
freepbx freepbx 2.10.0.8
freepbx freepbx 2.10.0.9
freepbx freepbx 2.10.0.10
freepbx freepbx 2.11.1.0
freepbx freepbx 2.11.1.1
freepbx freepbx 2.11.1.2
freepbx freepbx 2.11.1.3
freepbx freepbx 2.11.1.4
sangoma freepbx *
sangoma freepbx 2.11.0.0
sangoma freepbx 2.11.0.1
sangoma freepbx 2.11.0.2
sangoma freepbx 2.11.0.3
sangoma freepbx 2.11.0.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6317E737-4318-4986-AC41-9F69BEEE57C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5B24685-54DE-4F76-AC05-3CA32A63E34D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "182B7950-427E-4F48-968D-125DC480F00F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4126EAD1-F307-4252-B951-AF6BA8AB50AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "38BD066D-9777-4D58-B283-38C35BD97171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7035B567-4728-4E8C-B27C-5C37445C89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A591ECCE-6DBC-45BE-908F-BC5D8D817DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A284DA73-FD42-4C79-A4B7-3A1848F3883B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04952AA-A9F1-4C2F-A19A-5DF5D4CB27AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA512E0C-5E77-4D67-8E49-D6F5B7DCE87F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.10.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F29B0F2-C3A3-401C-A8D1-842E1D660BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61D4517F-EDED-49C3-B0E7-72703D49D78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "787A42CA-870B-4595-8234-93C6E3D68A51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "697C8EA2-5E93-46A8-B604-49DDCEA8B0D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.11.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A082A340-769A-4925-AA29-4334B4940F10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.11.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "04B6860F-F3D1-42E4-908D-789E26F00640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "575E3DA5-B8DE-47CC-A322-50EE531A5365",
              "versionEndIncluding": "2.9.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:2.11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B28D54-5FBD-403C-BA01-3D2CF2F8D8FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:2.11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37704860-CB88-4182-9928-35A2CCDDA0D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:2.11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "30DB72FB-2D60-4C78-B2E3-A54857FA382E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:2.11.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A36B78CA-1130-4045-99C3-339132F4ED66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:2.11.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0675B567-E2FB-4870-BD42-5CB97DA1B9E9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014."
    },
    {
      "lang": "es",
      "value": "En el archivo htdocs_ari/includes/login.php en el m\u00f3dulo del Framework ARI/Asterisk Recording Interface (ARI) en FreePBX anterior a versi\u00f3n 2.9.0.9, versiones 2.10.x y versiones 2.11 anteriores a 2.11.1.5, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de la cookie ari_auth, relacionada con la funci\u00f3n unserialize de PHP, como se explot\u00f3 \u201cin the wild\u201d en septiembre de 2014."
    }
  ],
  "id": "CVE-2014-7235",
  "lastModified": "2024-11-21T02:16:34.997",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-07T14:55:09.093",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/61601"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/70188"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96790"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/41005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/70188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/41005/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-11-21 18:15
Modified
2024-11-21 04:33
Summary
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
Impacted products
Vendor Product Version
sangoma freepbx *
sangoma freepbx *
sangoma freepbx *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15601D4B-F4D7-4A59-AA59-F9C28DCF6E33",
              "versionEndIncluding": "13.0.197.13",
              "versionStartIncluding": "13.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC783D51-829F-4F40-8C11-8006CFD56701",
              "versionEndIncluding": "14.0.13.11",
              "versionStartIncluding": "14.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D2FF3D-ED67-46E2-98D5-E01B14100E9E",
              "versionEndIncluding": "15.0.16.26",
              "versionStartIncluding": "15.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control."
    },
    {
      "lang": "es",
      "value": "Sangoma FreePBX versi\u00f3n 115.0.16.26 y anteriores, versi\u00f3n 14.0.13.11 y anteriores, versi\u00f3n 13.0.197.13 y anteriores, presenta un Control de Acceso Incorrecto."
    }
  ],
  "id": "CVE-2019-19006",
  "lastModified": "2024-11-21T04:33:58.897",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-21T18:15:11.993",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://pastebin.com/2CdsQMKW"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://www.freepbx.org/category/blog/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://pastebin.com/2CdsQMKW"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.freepbx.org/category/blog/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-09-28 18:00
Modified
2024-11-21 01:18
Summary
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.
Impacted products
Vendor Product Version
sangoma freepbx *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3022F746-A202-4F08-9B69-4DF7FC850F33",
              "versionEndIncluding": "2.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de salto de directorio en page.recordings.php en el componente System Recordings en la interfaz de configuraci\u00f3n en FreePBX v2.8.0 y anteriores permiten a administradores autenticados remotamente crear ficheros a su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el par\u00e1metro usersnum en admin/config.php, como qued\u00f3 demostrado en la creaci\u00f3n de un fichero .php bajo la ra\u00edz web. \r\n"
    }
  ],
  "id": "CVE-2010-3490",
  "lastModified": "2024-11-21T01:18:51.317",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-09-28T18:00:03.417",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.exploit-db.com/exploits/15098"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.freepbx.org/trac/ticket/4553"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/513947/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/43454"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/15098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.freepbx.org/trac/ticket/4553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/513947/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/43454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-12-22 19:15
Modified
2024-11-21 06:32
Summary
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.
Impacted products
Vendor Product Version
sangoma restapps 15.0.19.87
sangoma restapps 15.0.19.88
sangoma restapps 16.0.18.40
sangoma restapps 16.0.18.41
sangoma freepbx -
sangoma pbxact -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:restapps:15.0.19.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBE2B09F-4D55-4B15-ACEC-222A2C3F1B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:restapps:15.0.19.88:*:*:*:*:*:*:*",
              "matchCriteriaId": "2281ABC0-04AF-4E1D-9EE9-B1ED5E6439B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:restapps:16.0.18.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CAA7BD6-BDF7-4AA3-AB9C-F1B744CEFF63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:restapps:16.0.18.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "816DE90F-84BC-4966-9082-72579923B454",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56F9D7C9-4F22-4BB6-9F17-CE0DFC2CD659",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sangoma:pbxact:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1651BD00-B317-42A0-BC87-247808F8860F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19."
    },
    {
      "lang": "es",
      "value": "FreePBX, cuando est\u00e1 instalado restapps (tambi\u00e9n se conoce como Rest Phone Apps) versiones 15.0.19.87, 15.0.19.88, 16.0.18.40, o 16.0.18.41, permite a atacantes remotos ejecutar c\u00f3digo arbitrario, como es explotado \"in the wild\" en diciembre de 2021. Las versiones corregidas son 15.0.20 y 16.0.19."
    }
  ],
  "id": "CVE-2021-45461",
  "lastModified": "2024-11-21T06:32:15.343",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-22T19:15:11.807",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://community.freepbx.org/t/0-day-freepbx-exploit/80092"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://community.freepbx.org/t/0-day-freepbx-exploit/80092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-06 17:55
Modified
2024-11-21 01:43
Summary
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
Impacted products
Vendor Product Version
sangoma freepbx *
sangoma freepbx 2.9



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2D8B83D-8DCD-4C5E-886E-A74BCBB5EF8C",
              "versionEndIncluding": "2.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "04919406-CF00-4CEA-8D63-B2F13C93C05F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n callme_startcall en recordings/misc/callme_page.php en FreePBX v2.9, v2.10 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro callmenum en una acci\u00f3n c."
    }
  ],
  "id": "CVE-2012-4869",
  "lastModified": "2024-11-21T01:43:38.737",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-06T17:55:02.300",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2012/Mar/234"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48463"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18649"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.exploit-db.com/exploits/18659"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.freepbx.org/trac/ticket/5711"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/52630"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2012/Mar/234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18649"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/18659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.freepbx.org/trac/ticket/5711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/52630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74174"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-02-18 11:55
Modified
2024-11-21 02:05
Severity ?
Summary
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
References
cve@mitre.org  http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html
cve@mitre.org  http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html
cve@mitre.org  http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03
cve@mitre.org  http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429
cve@mitre.org  http://issues.freepbx.org/browse/FREEPBX-7117  (Vendor Advisory)
cve@mitre.org  http://issues.freepbx.org/browse/FREEPBX-7123  (Vendor Advisory)
cve@mitre.org  http://osvdb.org/103240
cve@mitre.org  http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html
cve@mitre.org  http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html
cve@mitre.org  http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice
cve@mitre.org  http://www.securityfocus.com/archive/1/531040/100/0/threaded
cve@mitre.org  https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl
af854a3a-2127-422b-91ae-364da2661108  http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html
af854a3a-2127-422b-91ae-364da2661108  http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html
af854a3a-2127-422b-91ae-364da2661108  http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03
af854a3a-2127-422b-91ae-364da2661108  http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429
af854a3a-2127-422b-91ae-364da2661108  http://issues.freepbx.org/browse/FREEPBX-7117  (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108  http://issues.freepbx.org/browse/FREEPBX-7123  (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108  http://osvdb.org/103240
af854a3a-2127-422b-91ae-364da2661108  http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html
af854a3a-2127-422b-91ae-364da2661108  http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html
af854a3a-2127-422b-91ae-364da2661108  http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice
af854a3a-2127-422b-91ae-364da2661108  http://www.securityfocus.com/archive/1/531040/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108  https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl
Impacted products
Vendor Product Version
freepbx freepbx 2.10
freepbx freepbx 2.11
freepbx freepbx 2.12
sangoma freepbx 2.9



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A91F7BB-328B-446A-82F5-006372BB6A55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "218DEE69-9011-4F41-8652-9546A575A066",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freepbx:freepbx:2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2074522D-B309-488E-8FF3-CB04FC862306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:freepbx:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "04919406-CF00-4CEA-8D63-B2F13C93C05F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php."
    },
    {
      "lang": "es",
      "value": "admin/libraries/view.functions.php en FreePBX 2.9 anterior a 2.9.0.14, 2.10 anterior a 2.10.1.15, 2.11 anterior a 2.11.0.23 y 12 anterior a 12.0.1alpha22 no restringe el conjunto de funciones accesibles al manejador de la API, lo que permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de los par\u00e1metros function y args hacia admin/config.php."
    }
  ],
  "id": "CVE-2014-1903",
  "lastModified": "2024-11-21T02:05:14.757",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-02-18T11:55:16.977",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://issues.freepbx.org/browse/FREEPBX-7117"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://issues.freepbx.org/browse/FREEPBX-7123"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/103240"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/531040/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://issues.freepbx.org/browse/FREEPBX-7117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://issues.freepbx.org/browse/FREEPBX-7123"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/103240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/531040/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}