Vulnerabilites related to sangoma - freepbx
cve-2009-1803
Vulnerability from cvelistv5
Published
2009-05-28 14:00
Modified
2024-09-16 22:51
Severity ?
EPSS score ?
Summary
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/54263 | vdb-entry, x_refsource_OSVDB | |
| http://freepbx.org/trac/ticket/3660 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/34772 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/34857 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T05:27:54.399Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "54263", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/54263", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freepbx.org/trac/ticket/3660", }, { name: "34772", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/34772", }, { name: "34857", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/34857", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2009-05-28T14:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "54263", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/54263", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://freepbx.org/trac/ticket/3660", }, { name: "34772", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/34772", }, { name: "34857", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/34857", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-1803", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "54263", refsource: "OSVDB", url: "http://www.osvdb.org/54263", }, { name: "http://freepbx.org/trac/ticket/3660", refsource: "CONFIRM", url: "http://freepbx.org/trac/ticket/3660", }, { name: "34772", refsource: "SECUNIA", url: "http://secunia.com/advisories/34772", }, { name: "34857", refsource: "BID", url: "http://www.securityfocus.com/bid/34857", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-1803", datePublished: "2009-05-28T14:00:00Z", dateReserved: "2009-05-28T00:00:00Z", dateUpdated: "2024-09-16T22:51:26.975Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-7235
Vulnerability from cvelistv5
Published
2014-10-07 14:00
Modified
2024-08-06 12:40
Severity ?
EPSS score ?
Summary
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html | x_refsource_MISC | |
| http://secunia.com/advisories/61601 | third-party-advisory, x_refsource_SECUNIA | |
| https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836 | x_refsource_CONFIRM | |
| http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96790 | vdb-entry, x_refsource_XF | |
| https://www.exploit-db.com/exploits/41005/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/70188 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T12:40:19.297Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html", }, { name: "61601", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61601", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536", }, { name: "freepbx-ariframework-code-exec(96790)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96790", }, { name: "41005", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/41005/", }, { name: "70188", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/70188", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-09-30T00:00:00", descriptions: [ { lang: "en", value: "htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-07T15:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html", }, { name: "61601", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61601", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536", }, { name: "freepbx-ariframework-code-exec(96790)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96790", }, { name: "41005", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/41005/", }, { name: "70188", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/70188", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-7235", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html", }, { name: "61601", refsource: "SECUNIA", url: "http://secunia.com/advisories/61601", }, { name: "https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836", refsource: "CONFIRM", url: "https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836", }, { name: "http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536", refsource: "CONFIRM", url: "http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536", }, { name: "freepbx-ariframework-code-exec(96790)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96790", }, { name: "41005", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/41005/", }, { name: "70188", refsource: "BID", url: "http://www.securityfocus.com/bid/70188", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-7235", datePublished: "2014-10-07T14:00:00", dateReserved: "2014-09-30T00:00:00", dateUpdated: "2024-08-06T12:40:19.297Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-1903
Vulnerability from cvelistv5
Published
2014-02-18 11:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:58:14.499Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl", }, { name: "103240", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/103240", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429", }, { name: "20140211 Re: Freepbx , php code execution exploit", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html", }, { name: "20140211 Freepbx , php code execution exploit", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://issues.freepbx.org/browse/FREEPBX-7123", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://issues.freepbx.org/browse/FREEPBX-7117", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html", }, { name: "20140211 [CVE-2014-1903] FreePBX 2.9 through 12 RCE", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/531040/100/0/threaded", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-02-11T00:00:00", descriptions: [ { lang: "en", value: "admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-09T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl", }, { name: "103240", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/103240", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429", }, { name: "20140211 Re: Freepbx , php code execution exploit", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html", }, { name: "20140211 Freepbx , php code execution exploit", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://issues.freepbx.org/browse/FREEPBX-7123", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://issues.freepbx.org/browse/FREEPBX-7117", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html", }, { name: "20140211 [CVE-2014-1903] FreePBX 2.9 through 12 RCE", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/531040/100/0/threaded", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-1903", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl", refsource: "MISC", url: "https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl", }, { name: "103240", refsource: "OSVDB", url: "http://osvdb.org/103240", }, { name: "http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03", refsource: "CONFIRM", url: "http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03", }, { name: "http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429", refsource: "CONFIRM", url: "http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429", }, { name: "20140211 Re: Freepbx , php code execution exploit", refsource: "FULLDISC", url: "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html", }, { name: "http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html", }, { name: "20140211 Freepbx , php code execution exploit", refsource: "FULLDISC", url: "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html", }, { name: "http://issues.freepbx.org/browse/FREEPBX-7123", refsource: "CONFIRM", url: "http://issues.freepbx.org/browse/FREEPBX-7123", }, { name: "http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice", refsource: "CONFIRM", url: "http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice", }, { name: "http://issues.freepbx.org/browse/FREEPBX-7117", refsource: "CONFIRM", url: "http://issues.freepbx.org/browse/FREEPBX-7117", }, { name: "http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html", }, { name: "20140211 [CVE-2014-1903] FreePBX 2.9 through 12 RCE", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/531040/100/0/threaded", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-1903", datePublished: "2014-02-18T11:00:00", dateReserved: "2014-02-07T00:00:00", dateUpdated: "2024-08-06T09:58:14.499Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-25090
Vulnerability from cvelistv5
Published
2022-12-27 12:04
Modified
2024-08-05 03:00
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 is able to address this issue. The name of the patch is 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab. It is recommended to upgrade the affected component. VDB-216878 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.216878 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.216878 | signature, permissions-required | |
| https://github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab | patch | |
| https://github.com/FreePBX/arimanager/releases/tag/release%2F13.0.5.4 | patch |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FreePBX | arimanager |
Version: 13.0.5.0 Version: 13.0.5.1 Version: 13.0.5.2 Version: 13.0.5.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:00:19.156Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.216878", }, { tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.216878", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/FreePBX/arimanager/releases/tag/release%2F13.0.5.4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { modules: [ "Views Handler", ], product: "arimanager", vendor: "FreePBX", versions: [ { status: "affected", version: "13.0.5.0", }, { status: "affected", version: "13.0.5.1", }, { status: "affected", version: "13.0.5.2", }, { status: "affected", version: "13.0.5.3", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 is able to address this issue. The name of the patch is 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab. It is recommended to upgrade the affected component. VDB-216878 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "Eine Schwachstelle wurde in FreePBX arimanager bis 13.0.5.3 gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Komponente Views Handler. Mit der Manipulation des Arguments dataurl mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Ein Aktualisieren auf die Version 13.0.5.4 vermag dieses Problem zu lösen. Der Patch wird als 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab bezeichnet. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-27T12:04:53.087Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.216878", }, { tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.216878", }, { tags: [ "patch", ], url: "https://github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab", }, { tags: [ "patch", ], url: "https://github.com/FreePBX/arimanager/releases/tag/release%2F13.0.5.4", }, ], timeline: [ { lang: "en", time: "2022-12-27T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2022-12-27T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2022-12-27T13:09:50.000Z", value: "VulDB last update", }, ], title: "FreePBX arimanager Views cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2019-25090", datePublished: "2022-12-27T12:04:53.087Z", dateReserved: "2022-12-27T12:03:22.385Z", dateUpdated: "2024-08-05T03:00:19.156Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-4869
Vulnerability from cvelistv5
Published
2012-09-06 17:00
Modified
2024-08-06 20:50
Severity ?
EPSS score ?
Summary
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/18649 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.exploit-db.com/exploits/18659 | exploit, x_refsource_EXPLOIT-DB | |
| http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2012/Mar/234 | mailing-list, x_refsource_FULLDISC | |
| http://secunia.com/advisories/48463 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/52630 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74174 | vdb-entry, x_refsource_XF | |
| http://www.freepbx.org/trac/ticket/5711 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:50:17.817Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "18649", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "http://www.exploit-db.com/exploits/18649", }, { name: "18659", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "http://www.exploit-db.com/exploits/18659", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html", }, { name: "20120320 FreePBX remote command execution, xss", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2012/Mar/234", }, { name: "48463", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/48463", }, { name: "52630", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/52630", }, { name: "freepbx-callmepage-command-exec(74174)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74174", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.freepbx.org/trac/ticket/5711", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-03-20T00:00:00", descriptions: [ { lang: "en", value: "The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "18649", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "http://www.exploit-db.com/exploits/18649", }, { name: "18659", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "http://www.exploit-db.com/exploits/18659", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html", }, { name: "20120320 FreePBX remote command execution, xss", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2012/Mar/234", }, { name: "48463", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/48463", }, { name: "52630", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/52630", }, { name: "freepbx-callmepage-command-exec(74174)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74174", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.freepbx.org/trac/ticket/5711", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-4869", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "18649", refsource: "EXPLOIT-DB", url: "http://www.exploit-db.com/exploits/18649", }, { name: "18659", refsource: "EXPLOIT-DB", url: "http://www.exploit-db.com/exploits/18659", }, { name: "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html", refsource: "MISC", url: "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html", }, { name: "20120320 FreePBX remote command execution, xss", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2012/Mar/234", }, { name: "48463", refsource: "SECUNIA", url: "http://secunia.com/advisories/48463", }, { name: "52630", refsource: "BID", url: "http://www.securityfocus.com/bid/52630", }, { name: "freepbx-callmepage-command-exec(74174)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74174", }, { name: "http://www.freepbx.org/trac/ticket/5711", refsource: "CONFIRM", url: "http://www.freepbx.org/trac/ticket/5711", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2012-4869", datePublished: "2012-09-06T17:00:00", dateReserved: "2012-09-06T00:00:00", dateUpdated: "2024-08-06T20:50:17.817Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19552
Vulnerability from cvelistv5
Published
2019-12-06 15:02
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:16:48.089Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-06T15:02:45", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19552", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities", refsource: "MISC", url: "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19552", datePublished: "2019-12-06T15:02:45", dateReserved: "2019-12-04T00:00:00", dateUpdated: "2024-08-05T02:16:48.089Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-16967
Vulnerability from cvelistv5
Published
2019-10-21 19:10
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.
References
| ▼ | URL | Tags |
|---|---|---|
| https://issues.freepbx.org/browse/FREEPBX-20436 | x_refsource_MISC | |
| https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372 | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:24:48.646Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://issues.freepbx.org/browse/FREEPBX-20436", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\\admin\\modules\\manager\\views\\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-21T19:10:13", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://issues.freepbx.org/browse/FREEPBX-20436", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372", }, { tags: [ "x_refsource_MISC", ], url: "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-16967", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\\admin\\modules\\manager\\views\\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://issues.freepbx.org/browse/FREEPBX-20436", refsource: "MISC", url: "https://issues.freepbx.org/browse/FREEPBX-20436", }, { name: "https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372", refsource: "MISC", url: "https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372", }, { name: "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/", refsource: "MISC", url: "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-16967", datePublished: "2019-10-21T19:10:13", dateReserved: "2019-09-29T00:00:00", dateUpdated: "2024-08-05T01:24:48.646Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6393
Vulnerability from cvelistv5
Published
2018-01-29 20:00
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/102854 | vdb-entry, x_refsource_BID | |
| http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:01:49.262Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt", }, { name: "102854", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102854", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-01-29T00:00:00", descriptions: [ { lang: "en", value: "FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can \"directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-02-15T07:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt", }, { name: "102854", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102854", }, { tags: [ "x_refsource_MISC", ], url: "http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6393", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can \"directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt", refsource: "MISC", url: "https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt", }, { name: "102854", refsource: "BID", url: "http://www.securityfocus.com/bid/102854", }, { name: "http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html", refsource: "MISC", url: "http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6393", datePublished: "2018-01-29T20:00:00", dateReserved: "2018-01-29T00:00:00", dateUpdated: "2024-08-05T06:01:49.262Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19538
Vulnerability from cvelistv5
Published
2020-03-16 20:08
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00 | x_refsource_MISC | |
| https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:16:48.398Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-16T20:08:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19538", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00", refsource: "MISC", url: "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00", }, { name: "https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution", refsource: "CONFIRM", url: "https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19538", datePublished: "2020-03-16T20:08:15", dateReserved: "2019-12-03T00:00:00", dateUpdated: "2024-08-05T02:16:48.398Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-3490
Vulnerability from cvelistv5
Published
2010-09-28 17:00
Modified
2024-08-07 03:11
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/513947/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/43454 | vdb-entry, x_refsource_BID | |
| http://www.freepbx.org/trac/ticket/4553 | x_refsource_MISC | |
| http://www.exploit-db.com/exploits/15098 | exploit, x_refsource_EXPLOIT-DB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T03:11:44.438Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt", }, { name: "20100923 TWSL2010-005: FreePBX recordings interface allows remote code execution", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/513947/100/0/threaded", }, { name: "43454", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/43454", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.freepbx.org/trac/ticket/4553", }, { name: "15098", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "http://www.exploit-db.com/exploits/15098", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-09-23T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-10T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt", }, { name: "20100923 TWSL2010-005: FreePBX recordings interface allows remote code execution", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/513947/100/0/threaded", }, { name: "43454", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/43454", }, { tags: [ "x_refsource_MISC", ], url: "http://www.freepbx.org/trac/ticket/4553", }, { name: "15098", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "http://www.exploit-db.com/exploits/15098", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-3490", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt", refsource: "MISC", url: "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt", }, { name: "20100923 TWSL2010-005: FreePBX recordings interface allows remote code execution", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/513947/100/0/threaded", }, { name: "43454", refsource: "BID", url: "http://www.securityfocus.com/bid/43454", }, { name: "http://www.freepbx.org/trac/ticket/4553", refsource: "MISC", url: "http://www.freepbx.org/trac/ticket/4553", }, { name: "15098", refsource: "EXPLOIT-DB", url: "http://www.exploit-db.com/exploits/15098", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-3490", datePublished: "2010-09-28T17:00:00", dateReserved: "2010-09-23T00:00:00", dateUpdated: "2024-08-07T03:11:44.438Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10666
Vulnerability from cvelistv5
Published
2021-05-31 11:40
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities | x_refsource_MISC | |
| https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:06:10.652Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-31T11:40:41", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, { tags: [ "x_refsource_MISC", ], url: "https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10666", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", refsource: "MISC", url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, { name: "https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE", refsource: "MISC", url: "https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10666", datePublished: "2021-05-31T11:40:41", dateReserved: "2020-03-18T00:00:00", dateUpdated: "2024-08-04T11:06:10.652Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-15891
Vulnerability from cvelistv5
Published
2019-06-20 16:35
Modified
2024-08-05 10:10
Severity ?
EPSS score ?
Summary
An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.freepbx.org/ | x_refsource_MISC | |
| https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:10:06.008Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.freepbx.org/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-20T16:35:57", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.freepbx.org/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-15891", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.freepbx.org/", refsource: "MISC", url: "https://www.freepbx.org/", }, { name: "https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode", refsource: "CONFIRM", url: "https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-15891", datePublished: "2019-06-20T16:35:57", dateReserved: "2018-08-26T00:00:00", dateUpdated: "2024-08-05T10:10:06.008Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19006
Vulnerability from cvelistv5
Published
2019-11-21 17:51
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.freepbx.org/category/blog/ | x_refsource_MISC | |
| https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass | x_refsource_CONFIRM | |
| https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772 | x_refsource_MISC | |
| https://pastebin.com/2CdsQMKW | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:02:40.039Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.freepbx.org/category/blog/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pastebin.com/2CdsQMKW", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-22T15:48:09", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.freepbx.org/category/blog/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass", }, { tags: [ "x_refsource_MISC", ], url: "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772", }, { tags: [ "x_refsource_MISC", ], url: "https://pastebin.com/2CdsQMKW", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19006", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.freepbx.org/category/blog/", refsource: "MISC", url: "https://www.freepbx.org/category/blog/", }, { name: "https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass", refsource: "CONFIRM", url: "https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass", }, { name: "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772", refsource: "MISC", url: "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772", }, { name: "https://pastebin.com/2CdsQMKW", refsource: "MISC", url: "https://pastebin.com/2CdsQMKW", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19006", datePublished: "2019-11-21T17:51:14", dateReserved: "2019-11-15T00:00:00", dateUpdated: "2024-08-05T02:02:40.039Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19551
Vulnerability from cvelistv5
Published
2019-12-06 15:04
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:16:47.924Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-06T15:04:14", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19551", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities", refsource: "CONFIRM", url: "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19551", datePublished: "2019-12-06T15:04:14", dateReserved: "2019-12-04T00:00:00", dateUpdated: "2024-08-05T02:16:47.924Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-36630
Vulnerability from cvelistv5
Published
2022-12-25 19:20
Modified
2024-08-04 17:30
Severity ?
5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this issue. The name of the patch is f1a9eea2dfff30fb99d825bac194a676a82b9ec8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216771.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.216771 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.216771 | signature, permissions-required | |
| https://github.com/FreePBX/cdr/commit/f1a9eea2dfff30fb99d825bac194a676a82b9ec8 | patch | |
| https://github.com/FreePBX/cdr/releases/tag/release%2F14.0.5.21 | patch |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:30:08.684Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.216771", }, { tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.216771", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/FreePBX/cdr/commit/f1a9eea2dfff30fb99d825bac194a676a82b9ec8", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/FreePBX/cdr/releases/tag/release%2F14.0.5.21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "cdr", vendor: "FreePBX", versions: [ { status: "affected", version: "14.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this issue. The name of the patch is f1a9eea2dfff30fb99d825bac194a676a82b9ec8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216771.", }, { lang: "de", value: "Es wurde eine Schwachstelle in FreePBX cdr 14.0 ausgemacht. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion ajaxHandler der Datei ucp/Cdr.class.php. Mittels dem Manipulieren des Arguments limit/offset mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 14.0.5.21 vermag dieses Problem zu lösen. Der Patch wird als f1a9eea2dfff30fb99d825bac194a676a82b9ec8 bezeichnet. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-25T19:20:13.546Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.216771", }, { tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.216771", }, { tags: [ "patch", ], url: "https://github.com/FreePBX/cdr/commit/f1a9eea2dfff30fb99d825bac194a676a82b9ec8", }, { tags: [ "patch", ], url: "https://github.com/FreePBX/cdr/releases/tag/release%2F14.0.5.21", }, ], timeline: [ { lang: "en", time: "2022-12-25T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2022-12-25T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2022-12-25T20:25:10.000Z", value: "VulDB last update", }, ], title: "FreePBX cdr Cdr.class.php ajaxHandler sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2020-36630", datePublished: "2022-12-25T19:20:13.546Z", dateReserved: "2022-12-25T19:18:53.973Z", dateUpdated: "2024-08-04T17:30:08.684Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-4870
Vulnerability from cvelistv5
Published
2012-09-06 17:00
Modified
2024-08-06 20:50
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/18649 | exploit, x_refsource_EXPLOIT-DB | |
| http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74173 | vdb-entry, x_refsource_XF | |
| http://seclists.org/fulldisclosure/2012/Mar/234 | mailing-list, x_refsource_FULLDISC | |
| http://secunia.com/advisories/48463 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/52630 | vdb-entry, x_refsource_BID | |
| http://www.freepbx.org/trac/ticket/5711 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/48475 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:50:17.985Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "18649", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "http://www.exploit-db.com/exploits/18649", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html", }, { name: "freepbx-multiple-xss(74173)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74173", }, { name: "20120320 FreePBX remote command execution, xss", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2012/Mar/234", }, { name: "48463", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/48463", }, { name: "52630", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/52630", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.freepbx.org/trac/ticket/5711", }, { name: "48475", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/48475", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-03-20T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "18649", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "http://www.exploit-db.com/exploits/18649", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html", }, { name: "freepbx-multiple-xss(74173)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74173", }, { name: "20120320 FreePBX remote command execution, xss", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2012/Mar/234", }, { name: "48463", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/48463", }, { name: "52630", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/52630", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.freepbx.org/trac/ticket/5711", }, { name: "48475", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/48475", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-4870", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "18649", refsource: "EXPLOIT-DB", url: "http://www.exploit-db.com/exploits/18649", }, { name: "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html", refsource: "MISC", url: "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html", }, { name: "freepbx-multiple-xss(74173)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74173", }, { name: "20120320 FreePBX remote command execution, xss", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2012/Mar/234", }, { name: "48463", refsource: "SECUNIA", url: "http://secunia.com/advisories/48463", }, { name: "52630", refsource: "BID", url: "http://www.securityfocus.com/bid/52630", }, { name: "http://www.freepbx.org/trac/ticket/5711", refsource: "CONFIRM", url: "http://www.freepbx.org/trac/ticket/5711", }, { name: "48475", refsource: "SECUNIA", url: "http://secunia.com/advisories/48475", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2012-4870", datePublished: "2012-09-06T17:00:00", dateReserved: "2012-09-06T00:00:00", dateUpdated: "2024-08-06T20:50:17.985Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19852
Vulnerability from cvelistv5
Published
2020-03-16 20:36
Modified
2024-08-05 02:25
Severity ?
EPSS score ?
Summary
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities | x_refsource_MISC | |
| https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Call+Event+Logging+module | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:25:12.896Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Call+Event+Logging+module", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-16T20:36:44", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Call+Event+Logging+module", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19852", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", refsource: "MISC", url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, { name: "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Call+Event+Logging+module", refsource: "CONFIRM", url: "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Call+Event+Logging+module", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19852", datePublished: "2020-03-16T20:36:44", dateReserved: "2019-12-17T00:00:00", dateUpdated: "2024-08-05T02:25:12.896Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-1802
Vulnerability from cvelistv5
Published
2009-05-28 14:00
Modified
2024-09-17 00:26
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/54262 | vdb-entry, x_refsource_OSVDB | |
| http://freepbx.org/trac/ticket/3660 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/34772 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/34857 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T05:27:54.653Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "54262", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/54262", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freepbx.org/trac/ticket/3660", }, { name: "34772", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/34772", }, { name: "34857", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/34857", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2009-05-28T14:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "54262", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/54262", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://freepbx.org/trac/ticket/3660", }, { name: "34772", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/34772", }, { name: "34857", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/34857", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-1802", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "54262", refsource: "OSVDB", url: "http://osvdb.org/54262", }, { name: "http://freepbx.org/trac/ticket/3660", refsource: "CONFIRM", url: "http://freepbx.org/trac/ticket/3660", }, { name: "34772", refsource: "SECUNIA", url: "http://secunia.com/advisories/34772", }, { name: "34857", refsource: "BID", url: "http://www.securityfocus.com/bid/34857", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-1802", datePublished: "2009-05-28T14:00:00Z", dateReserved: "2009-05-28T00:00:00Z", dateUpdated: "2024-09-17T00:26:13.030Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19615
Vulnerability from cvelistv5
Published
2020-03-16 20:27
Modified
2024-08-05 02:25
Severity ?
EPSS score ?
Summary
Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user's account.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities | x_refsource_MISC | |
| https://wiki.freepbx.org/pages/viewpage.action?pageId=175177911 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:25:11.504Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.freepbx.org/pages/viewpage.action?pageId=175177911", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple XSS vulnerabilities exist in the Backup & Restore module \\ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user's account.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-16T20:27:42", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.freepbx.org/pages/viewpage.action?pageId=175177911", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19615", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple XSS vulnerabilities exist in the Backup & Restore module \\ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user's account.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", refsource: "MISC", url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, { name: "https://wiki.freepbx.org/pages/viewpage.action?pageId=175177911", refsource: "CONFIRM", url: "https://wiki.freepbx.org/pages/viewpage.action?pageId=175177911", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19615", datePublished: "2020-03-16T20:27:42", dateReserved: "2019-12-06T00:00:00", dateUpdated: "2024-08-05T02:25:11.504Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19851
Vulnerability from cvelistv5
Published
2020-03-16 15:07
Modified
2024-08-05 02:25
Severity ?
EPSS score ?
Summary
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities | x_refsource_MISC | |
| https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:25:12.703Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-16T15:07:37", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19851", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", refsource: "MISC", url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, { name: "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module", refsource: "CONFIRM", url: "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19851", datePublished: "2020-03-16T15:07:37", dateReserved: "2019-12-17T00:00:00", dateUpdated: "2024-08-05T02:25:12.703Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-1801
Vulnerability from cvelistv5
Published
2009-05-28 14:00
Modified
2024-08-07 05:27
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/50361 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/54260 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/54261 | vdb-entry, x_refsource_OSVDB | |
| http://freepbx.org/trac/ticket/3660 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/34772 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/34857 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/54259 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T05:27:54.569Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "freepbx-reports-xss(50361)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50361", }, { name: "54260", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/54260", }, { name: "54261", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/54261", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freepbx.org/trac/ticket/3660", }, { name: "34772", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/34772", }, { name: "34857", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/34857", }, { name: "54259", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/54259", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-05-06T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "freepbx-reports-xss(50361)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50361", }, { name: "54260", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/54260", }, { name: "54261", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/54261", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://freepbx.org/trac/ticket/3660", }, { name: "34772", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/34772", }, { name: "34857", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/34857", }, { name: "54259", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/54259", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-1801", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "freepbx-reports-xss(50361)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50361", }, { name: "54260", refsource: "OSVDB", url: "http://osvdb.org/54260", }, { name: "54261", refsource: "OSVDB", url: "http://osvdb.org/54261", }, { name: "http://freepbx.org/trac/ticket/3660", refsource: "CONFIRM", url: "http://freepbx.org/trac/ticket/3660", }, { name: "34772", refsource: "SECUNIA", url: "http://secunia.com/advisories/34772", }, { name: "34857", refsource: "BID", url: "http://www.securityfocus.com/bid/34857", }, { name: "54259", refsource: "OSVDB", url: "http://osvdb.org/54259", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-1801", datePublished: "2009-05-28T14:00:00", dateReserved: "2009-05-28T00:00:00", dateUpdated: "2024-08-07T05:27:54.569Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-45461
Vulnerability from cvelistv5
Published
2021-12-22 18:25
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.
References
| ▼ | URL | Tags |
|---|---|---|
| https://community.freepbx.org/t/0-day-freepbx-exploit/80092 | x_refsource_MISC | |
| https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109 | x_refsource_CONFIRM | |
| https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:39:21.082Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://community.freepbx.org/t/0-day-freepbx-exploit/80092", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-22T18:25:54", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://community.freepbx.org/t/0-day-freepbx-exploit/80092", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45461", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://community.freepbx.org/t/0-day-freepbx-exploit/80092", refsource: "MISC", url: "https://community.freepbx.org/t/0-day-freepbx-exploit/80092", }, { name: "https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109", refsource: "CONFIRM", url: "https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109", }, { name: "https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE", refsource: "CONFIRM", url: "https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45461", datePublished: "2021-12-22T18:25:54", dateReserved: "2021-12-22T00:00:00", dateUpdated: "2024-08-04T04:39:21.082Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-53564
Vulnerability from cvelistv5
Published
2024-12-02 00:00
Modified
2025-01-14 16:41
Severity ?
EPSS score ?
Summary
A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege administrators are intentionally allowed to do.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:coalescent_systems:freepbx:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "freepbx", vendor: "coalescent_systems", versions: [ { status: "affected", version: "v17.0.19.17", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-53564", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T16:40:44.891089Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T16:41:16.578Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "FreePBX", vendor: "Sangoma", versions: [ { status: "affected", version: "17.0.19.17", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", versionEndIncluding: "17.0.19.17", versionStartIncluding: "17.0.19.17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege administrators are intentionally allowed to do.", }, ], metrics: [ { cvssV3_1: { baseScore: 2.2, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-434", description: "CWE-434 Unrestricted Upload of File with Dangerous Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-09T00:01:33.346930Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://gist.github.com/hyp164D1/490732de230edf97423f6d95b0d2f903", }, { url: "https://gist.github.com/hyp164D1/d419bdf3e7e352088a21631d0f452a8c", }, ], tags: [ "disputed", ], x_generator: { engine: "enrichogram 0.0.1", }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-53564", datePublished: "2024-12-02T00:00:00", dateReserved: "2024-11-20T00:00:00", dateUpdated: "2025-01-14T16:41:16.578Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-16966
Vulnerability from cvelistv5
Published
2019-10-21 18:57
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager.
References
| ▼ | URL | Tags |
|---|---|---|
| https://issues.freepbx.org/browse/FREEPBX-20437 | x_refsource_MISC | |
| https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633 | x_refsource_MISC | |
| https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:24:48.665Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://issues.freepbx.org/browse/FREEPBX-20437", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\\admin\\modules\\contactmanager\\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-21T18:57:44", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://issues.freepbx.org/browse/FREEPBX-20437", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633", }, { tags: [ "x_refsource_MISC", ], url: "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-16966", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\\admin\\modules\\contactmanager\\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://issues.freepbx.org/browse/FREEPBX-20437", refsource: "MISC", url: "https://issues.freepbx.org/browse/FREEPBX-20437", }, { name: "https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633", refsource: "MISC", url: "https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633", }, { name: "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/", refsource: "MISC", url: "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-16966", datePublished: "2019-10-21T18:57:44", dateReserved: "2019-09-29T00:00:00", dateUpdated: "2024-08-05T01:24:48.665Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-43336
Vulnerability from cvelistv5
Published
2023-11-02 00:00
Modified
2024-09-17 13:14
Severity ?
EPSS score ?
Summary
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:37:23.459Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "http://freepbx.com", }, { tags: [ "x_transferred", ], url: "http://sangoma.com", }, { tags: [ "x_transferred", ], url: "https://medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-43336", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-05T20:22:15.863608Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-17T13:14:25.445Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-02T11:14:43.302602", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "http://freepbx.com", }, { url: "http://sangoma.com", }, { url: "https://medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-43336", datePublished: "2023-11-02T00:00:00", dateReserved: "2023-09-18T00:00:00", dateUpdated: "2024-09-17T13:14:25.445Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2021-05-31 12:15
Modified
2024-11-21 04:55
Severity ?
Summary
The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:restapps:*:*:*:*:*:*:*:*", matchCriteriaId: "D4EE6D96-B897-490A-AD2D-85FA89A6399F", versionEndIncluding: "13.0.93.2", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:restapps:*:*:*:*:*:*:*:*", matchCriteriaId: "FCEBAA67-50C0-4A91-8707-2FB3B1981B9D", versionEndIncluding: "14.0.22.2", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:restapps:*:*:*:*:*:*:*:*", matchCriteriaId: "725A46EC-3F07-4811-9E90-8CD61316A980", versionEndIncluding: "15.0.19.2", versionStartIncluding: "15.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:-:*:*:*:*:*:*:*", matchCriteriaId: "56F9D7C9-4F22-4BB6-9F17-CE0DFC2CD659", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.", }, { lang: "es", value: "El módulo restapps (también se conoce como aplicaciones Rest Phone) para Sangoma FreePBX y PBXact versiones 13, 14 y 15 hasta 15.0.19.2, permite una ejecución de código remota por medio de una variable URL en un comando AMI", }, ], id: "CVE-2020-10666", lastModified: "2024-11-21T04:55:48.163", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-31T12:15:08.717", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-21 19:15
Modified
2024-11-21 04:31
Severity ?
Summary
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633 | Patch, Third Party Advisory | |
| cve@mitre.org | https://issues.freepbx.org/browse/FREEPBX-20437 | Vendor Advisory | |
| cve@mitre.org | https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.freepbx.org/browse/FREEPBX-20437 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freepbx | contactmanager | * | |
| freepbx | contactmanager | * | |
| freepbx | contactmanager | * | |
| freepbx | contactmanager | 13.0.0 | |
| freepbx | contactmanager | 13.0.0 | |
| freepbx | contactmanager | 13.0.0 | |
| freepbx | contactmanager | 13.0.0 | |
| freepbx | contactmanager | 13.0.0 | |
| freepbx | contactmanager | 14.0.1 | |
| freepbx | contactmanager | 14.0.1 | |
| freepbx | contactmanager | 14.0.1 | |
| freepbx | contactmanager | 14.0.1 | |
| freepbx | contactmanager | 14.0.1 | |
| freepbx | contactmanager | 14.0.1 | |
| sangoma | freepbx | 14.0.10.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freepbx:contactmanager:*:*:*:*:*:freepbx:*:*", matchCriteriaId: "59979723-3B4E-45EA-BD04-E25E9A8BACEE", versionEndExcluding: "13.0.45.3", versionStartIncluding: "13.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:contactmanager:*:*:*:*:*:freepbx:*:*", matchCriteriaId: "B7EF4F25-9015-499C-8265-4119AA15CA44", versionEndExcluding: "14.0.5.12", versionStartIncluding: "14.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:contactmanager:*:*:*:*:*:freepbx:*:*", matchCriteriaId: "FE24C29C-53AE-4746-B742-15A5A7E8B57A", versionEndExcluding: "15.0.8.21", versionStartIncluding: "15.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:contactmanager:13.0.0:beta1:*:*:*:freepbx:*:*", matchCriteriaId: "458222C4-7AF6-4D74-98E3-CC0C308B6085", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:contactmanager:13.0.0:beta2:*:*:*:freepbx:*:*", matchCriteriaId: "8968630F-6F4F-47FF-AD3E-6AC121597791", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:contactmanager:13.0.0:beta3:*:*:*:freepbx:*:*", matchCriteriaId: "E087BBAD-8491-4E67-B6FF-3481D9746463", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:contactmanager:13.0.0:beta4:*:*:*:freepbx:*:*", matchCriteriaId: "E82BD63A-259A-4F71-B5B6-DC8BA24412E9", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:contactmanager:13.0.0:beta5:*:*:*:freepbx:*:*", matchCriteriaId: "B844666B-D752-4018-A795-42223B50E7CE", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:contactmanager:14.0.1:-:*:*:*:freepbx:*:*", matchCriteriaId: "2FDA6DD1-E454-4B35-8B3A-F9897C709A24", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:contactmanager:14.0.1:alpha1:*:*:*:freepbx:*:*", matchCriteriaId: "29E6AFB9-B604-418F-9521-5827F1483D76", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:contactmanager:14.0.1:alpha2:*:*:*:freepbx:*:*", matchCriteriaId: "8B0541CE-673E-4DE8-8319-61EA95756BFB", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:contactmanager:14.0.1:beta1:*:*:*:freepbx:*:*", matchCriteriaId: "697B337D-3DD3-484D-8AAF-11596EE5A05B", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:contactmanager:14.0.1:beta2:*:*:*:freepbx:*:*", matchCriteriaId: "18ABD7D8-B6E9-4877-883B-B8932FC9D5ED", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:contactmanager:14.0.1:beta3:*:*:*:freepbx:*:*", matchCriteriaId: "FA5D2378-F16E-485C-85EC-46F26A01A475", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:14.0.10.3:*:*:*:*:*:*:*", matchCriteriaId: "CE03D797-BB0A-4820-922B-53B35B546259", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\\admin\\modules\\contactmanager\\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager.", }, { lang: "es", value: "Se detectó un problema en Contactmanager versiones 13.x anteriores a 13.0.45.3, versiones 14.x anteriores a 14.0.5.12 y versiones 15.x anteriores a 15.0.8.21 para FreePBX versión 14.0.10.3. En la clase Contactmanager (archivo html\\admin\\modules\\contactmanager\\Contactmanager.class.php), una variable group no saneada que proviene de la URL es reflejada en HTML en 2 ocasiones, conllevando a una vulnerabilidad de tipo XSS. Que puede ser solicitada mediante una petición GET en /admin/ajax.php?module=contactmanager.", }, ], id: "CVE-2019-16966", lastModified: "2024-11-21T04:31:26.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-21T19:15:11.030", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://issues.freepbx.org/browse/FREEPBX-20437", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://issues.freepbx.org/browse/FREEPBX-20437", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-27 13:15
Modified
2024-11-21 04:39
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 is able to address this issue. The name of the patch is 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab. It is recommended to upgrade the affected component. VDB-216878 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab | Patch, Third Party Advisory | |
| cna@vuldb.com | https://github.com/FreePBX/arimanager/releases/tag/release%2F13.0.5.4 | Release Notes, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.216878 | Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.216878 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FreePBX/arimanager/releases/tag/release%2F13.0.5.4 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.216878 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.216878 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "8AB2704E-CFB4-45D4-81FC-FB9B968FA495", versionEndExcluding: "13.0.5.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 is able to address this issue. The name of the patch is 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab. It is recommended to upgrade the affected component. VDB-216878 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en FreePBX arimanager hasta 13.0.5.3 y clasificada como problemática. Una función desconocida del componente Views Handler es afectada por esta vulnerabilidad. La manipulación del argumento dataurl conduce a Cross-Site Scripting. El ataque puede lanzarse de forma remota. La actualización a la versión 13.0.5.4 puede solucionar este problema. El nombre del parche es 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab. Se recomienda actualizar el componente afectado. VDB-216878 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2019-25090", lastModified: "2024-11-21T04:39:54.950", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-27T13:15:10.703", references: [ { source: "cna@vuldb.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab", }, { source: "cna@vuldb.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/FreePBX/arimanager/releases/tag/release%2F13.0.5.4", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?ctiid.216878", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.216878", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/FreePBX/arimanager/releases/tag/release%2F13.0.5.4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?ctiid.216878", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.216878", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-16 21:15
Modified
2024-11-21 04:34
Severity ?
Summary
In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "DB8701B6-805C-433E-8FA7-1F3EF62CA458", versionEndExcluding: "13.0.92", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "CFE34EBC-5800-4DAA-A12D-40E058D3320E", versionEndExcluding: "14.0.38.3", versionStartIncluding: "14.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "E34FF5E3-F82D-4090-9BDE-46F0AA668B4B", versionEndExcluding: "15.0.13.6", versionStartIncluding: "15.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.", }, { lang: "es", value: "En Sangoma, los módulos FreePBX versiones 13 hasta 15 y sysadmin versiones 13.0.92 hasta 15.0.13.6 (también se conoce como System Admin), presentan una vulnerabilidad de Ejecución de Comandos Remota que resulta en una Escalada de Privilegios.", }, ], id: "CVE-2019-19538", lastModified: "2024-11-21T04:34:55.623", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-16T21:15:12.060", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-25 20:15
Modified
2024-11-21 05:29
Severity ?
5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this issue. The name of the patch is f1a9eea2dfff30fb99d825bac194a676a82b9ec8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216771.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/FreePBX/cdr/commit/f1a9eea2dfff30fb99d825bac194a676a82b9ec8 | Patch, Third Party Advisory | |
| cna@vuldb.com | https://github.com/FreePBX/cdr/releases/tag/release%2F14.0.5.21 | Release Notes, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.216771 | Permissions Required, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.216771 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FreePBX/cdr/commit/f1a9eea2dfff30fb99d825bac194a676a82b9ec8 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FreePBX/cdr/releases/tag/release%2F14.0.5.21 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.216771 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.216771 | Permissions Required, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "9DF249FA-1F7D-4B99-AA29-FEEDE1D78861", versionEndExcluding: "14.0.5.21", versionStartIncluding: "14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this issue. The name of the patch is f1a9eea2dfff30fb99d825bac194a676a82b9ec8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216771.", }, { lang: "es", value: "Se encontró una vulnerabilidad en FreePBX cdr 14.0. Ha sido clasificada como crítica. Esto afecta a la función ajaxHandler del archivo ucp/Cdr.class.php. La manipulación del límite/desplazamiento del argumento conduce a la inyección de SQL. La actualización a la versión 14.0.5.21 puede solucionar este problema. El nombre del parche es f1a9eea2dfff30fb99d825bac194a676a82b9ec8. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-216771.", }, ], id: "CVE-2020-36630", lastModified: "2024-11-21T05:29:56.250", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-25T20:15:25.100", references: [ { source: "cna@vuldb.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FreePBX/cdr/commit/f1a9eea2dfff30fb99d825bac194a676a82b9ec8", }, { source: "cna@vuldb.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/FreePBX/cdr/releases/tag/release%2F14.0.5.21", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://vuldb.com/?ctiid.216771", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://vuldb.com/?id.216771", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FreePBX/cdr/commit/f1a9eea2dfff30fb99d825bac194a676a82b9ec8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/FreePBX/cdr/releases/tag/release%2F14.0.5.21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://vuldb.com/?ctiid.216771", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://vuldb.com/?id.216771", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-16 21:15
Modified
2024-11-21 04:35
Severity ?
Summary
Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user's account.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "A7E2C532-4435-4E8B-A882-E7F9CEBCE5F5", versionEndIncluding: "14.0.10.7", versionStartIncluding: "14.0.10.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple XSS vulnerabilities exist in the Backup & Restore module \\ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user's account.", }, { lang: "es", value: "Se presentan múltiples vulnerabilidades XSS en el módulo Backup & Restore \\ versiones v14.0.10.2 hasta v14.0.10.7 para FreePBX, como se muestra en /admin/config.php?display=backup en el sitio web FreePBX Administrator. Un atacante puede modificar el parámetro id de la pantalla de configuración de copia de seguridad e insertar código XSS malicioso por medio de un enlace. Cuando otro usuario (como un administrador) hace clic sobre el enlace, la carga útil de XSS se renderizará y ejecutará en el contexto de la cuenta del usuario víctima.", }, ], id: "CVE-2019-19615", lastModified: "2024-11-21T04:35:03.987", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-16T21:15:12.327", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/pages/viewpage.action?pageId=175177911", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/pages/viewpage.action?pageId=175177911", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-21 20:15
Modified
2024-11-21 04:31
Severity ?
Summary
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372 | Patch, Third Party Advisory | |
| cve@mitre.org | https://issues.freepbx.org/browse/FREEPBX-20436 | Exploit, Vendor Advisory | |
| cve@mitre.org | https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/ | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.freepbx.org/browse/FREEPBX-20436 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/ | Patch, Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freepbx:manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2ED37131-8990-48EF-A4B1-7B612DB29C5C", versionEndExcluding: "13.0.2.6", versionStartIncluding: "13.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:manager:*:*:*:*:*:*:*:*", matchCriteriaId: "7B589D89-2766-4650-A731-C8664ABADAC0", versionEndExcluding: "15.0.6", versionStartIncluding: "15.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:manager:13.0.1:alpha1:*:*:*:*:*:*", matchCriteriaId: "18119454-234A-476B-9145-883E13727510", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "0451B14C-368A-4C87-A92F-609067382EA8", versionEndExcluding: "14.0.10.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\\admin\\modules\\manager\\views\\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.", }, { lang: "es", value: "Se detectó un problema en Manager versiones 13.x anteriores a 13.0.2.6 y versiones 15.x anteriores a 15.0.6 antes del FreePBX versión 14.0.10.3. En el formulario module de Manager (archivo html\\admin\\modules\\manager\\views\\form.php), una variable managerdisplay no saneada que proviene de la URL es reflejada en HTML, conllevando a una vulnerabilidad de tipo XSS. Que puede ser solicitada mediante una petición GET en /config.php?type=tool&display=manager.", }, ], id: "CVE-2019-16967", lastModified: "2024-11-21T04:31:26.313", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-21T20:15:10.883", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://issues.freepbx.org/browse/FREEPBX-20436", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://issues.freepbx.org/browse/FREEPBX-20436", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-02 12:15
Modified
2024-11-21 08:24
Severity ?
Summary
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "67A2BA00-D508-4A51-A615-13C9E00722EC", versionEndExcluding: "15.0.16", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "2FCF3B9C-F378-41AB-9A2B-B7463ADE57D2", versionEndExcluding: "16.0.17", versionStartIncluding: "16.0.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "5211D126-B9A2-4834-898C-90EB8AEFFF15", versionEndExcluding: "15.0.18", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "6922607E-29FD-4DFA-9E61-C7C2A134F7F1", versionEndExcluding: "16.0.40", versionStartIncluding: "16.0.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.", }, { lang: "es", value: "Se descubrió que Sangoma Technologies FreePBX anterior a cdr 15.0.18, 16.0.40, 15.0.16 y 16.0.17 contenía un problema de control de acceso a través de un valor de parámetro modificado, por ejemplo, cambiando extensión=self a extensión=101.", }, ], id: "CVE-2023-43336", lastModified: "2024-11-21T08:24:00.480", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-02T12:15:09.673", references: [ { source: "cve@mitre.org", tags: [ "Product", ], url: "http://freepbx.com", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "http://sangoma.com", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "http://freepbx.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "http://sangoma.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-284", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-06 16:15
Modified
2024-11-21 04:34
Severity ?
Summary
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "59469524-BCC0-4BBE-BB19-2B0D8ADC233C", versionEndIncluding: "13.0.76.43", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "63535AD2-3440-4734-A0A7-E27031192C01", versionEndIncluding: "14.0.7", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "CEEE7AED-E091-4D51-B1CD-79AAD5E7F4A1", versionEndIncluding: "15.0.20", versionStartIncluding: "15.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account.", }, { lang: "es", value: "En userman versiones 13.0.76.43 hasta 15.0.20 en Sangoma FreePBX, se presenta una vulnerabilidad de tipo XSS en la pantalla de administración de usuarios del sitio web del Administrador, es decir, el URI /admin/config.php?display=userman. Un atacante con privilegios suficientes puede editar el Display Name de un usuario e insertar código XSS malicioso. Cuando otro usuario (como un administrador) visita la pantalla User Management principal, la carga XSS será renderizada y ejecutada en el contexto de la cuenta del usuario víctima.", }, ], id: "CVE-2019-19552", lastModified: "2024-11-21T04:34:57.273", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-06T16:15:11.107", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-05-28 14:30
Modified
2024-11-21 01:03
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freepbx | freepbx | 2.4 | |
| freepbx | freepbx | 2.4.0_beta1 | |
| freepbx | freepbx | 2.4.0_beta2 | |
| freepbx | freepbx | 2.4.1 | |
| freepbx | freepbx | 2.5 | |
| freepbx | freepbx | 2.5.0_beta1 | |
| freepbx | freepbx | 2.5.0rc2 | |
| freepbx | freepbx | 2.5.0rc3 | |
| freepbx | freepbx | 2.5.1 | |
| freepbx | freepbx | 2.5.2 | |
| sangoma | freepbx | 2.4.0 | |
| sangoma | freepbx | 2.5.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freepbx:freepbx:2.4:*:*:*:*:*:*:*", matchCriteriaId: "455E97D6-B069-49D6-B510-3D4112A9E1B3", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.4.0_beta1:*:*:*:*:*:*:*", matchCriteriaId: "BF1E1278-3114-4BD1-B589-30B5313C9502", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.4.0_beta2:*:*:*:*:*:*:*", matchCriteriaId: "32D216B0-31D6-4288-8773-FB2438944492", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.4.1:*:*:*:*:*:*:*", matchCriteriaId: "0A09E3F0-E1A6-4CC4-8134-89DF5DB6EA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.5:*:*:*:*:*:*:*", matchCriteriaId: "5B2C1156-93B6-4D71-8D9C-ED6FC6C0AE74", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.5.0_beta1:*:*:*:*:*:*:*", matchCriteriaId: "11ACC1C9-A2C3-41CA-B608-C474B642A380", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.5.0rc2:*:*:*:*:*:*:*", matchCriteriaId: "D8A021AB-A142-4DAD-9EB0-2352C625D8CC", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.5.0rc3:*:*:*:*:*:*:*", matchCriteriaId: "9C0B173F-2161-4E40-A712-90DA6B997820", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.5.1:*:*:*:*:*:*:*", matchCriteriaId: "613A39A4-976E-4535-9408-533F957F7F87", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.5.2:*:*:*:*:*:*:*", matchCriteriaId: "B5B657C6-A2DF-432A-9F46-1157C630CB20", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9734B50E-BEA8-41DF-835F-7B15A9BB31E8", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "E9645D4F-BB03-49AD-AE79-6FE990BF18FE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.", }, { lang: "es", value: "Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en FreePBX 2.5.1, y otros 2.4.x, 2.5.x, y versiones pre-lanzamiento 2.6.x, permiten a atacantes remotos secuestrar la autenticación de administradores en peticiones que crean una nueva cuenta de administrador o tener otros impactos no especificados.", }, ], id: "CVE-2009-1802", lastModified: "2024-11-21T01:03:24.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2009-05-28T14:30:00.377", references: [ { source: "cve@mitre.org", url: "http://freepbx.org/trac/ticket/3660", }, { source: "cve@mitre.org", url: "http://osvdb.org/54262", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/34772", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/34857", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://freepbx.org/trac/ticket/3660", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/54262", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/34772", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/34857", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-05-28 14:30
Modified
2024-11-21 01:03
Severity ?
Summary
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freepbx | freepbx | 2.4 | |
| freepbx | freepbx | 2.4.0_beta1 | |
| freepbx | freepbx | 2.4.0_beta2 | |
| freepbx | freepbx | 2.4.1 | |
| freepbx | freepbx | 2.5 | |
| freepbx | freepbx | 2.5.0_beta1 | |
| freepbx | freepbx | 2.5.0rc2 | |
| freepbx | freepbx | 2.5.0rc3 | |
| freepbx | freepbx | 2.5.1 | |
| freepbx | freepbx | 2.5.2 | |
| sangoma | freepbx | 2.4.0 | |
| sangoma | freepbx | 2.5.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freepbx:freepbx:2.4:*:*:*:*:*:*:*", matchCriteriaId: "455E97D6-B069-49D6-B510-3D4112A9E1B3", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.4.0_beta1:*:*:*:*:*:*:*", matchCriteriaId: "BF1E1278-3114-4BD1-B589-30B5313C9502", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.4.0_beta2:*:*:*:*:*:*:*", matchCriteriaId: "32D216B0-31D6-4288-8773-FB2438944492", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.4.1:*:*:*:*:*:*:*", matchCriteriaId: "0A09E3F0-E1A6-4CC4-8134-89DF5DB6EA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.5:*:*:*:*:*:*:*", matchCriteriaId: "5B2C1156-93B6-4D71-8D9C-ED6FC6C0AE74", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.5.0_beta1:*:*:*:*:*:*:*", matchCriteriaId: "11ACC1C9-A2C3-41CA-B608-C474B642A380", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.5.0rc2:*:*:*:*:*:*:*", matchCriteriaId: "D8A021AB-A142-4DAD-9EB0-2352C625D8CC", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.5.0rc3:*:*:*:*:*:*:*", matchCriteriaId: "9C0B173F-2161-4E40-A712-90DA6B997820", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.5.1:*:*:*:*:*:*:*", matchCriteriaId: "613A39A4-976E-4535-9408-533F957F7F87", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.5.2:*:*:*:*:*:*:*", matchCriteriaId: "B5B657C6-A2DF-432A-9F46-1157C630CB20", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9734B50E-BEA8-41DF-835F-7B15A9BB31E8", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "E9645D4F-BB03-49AD-AE79-6FE990BF18FE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.", }, { lang: "es", value: "FreePBX v2.5.1, v2.4.x, v2.5.x, y pre-release v2.6.x, genera distintos errores tras intentos de login fallidos dependiendo de si la cuenta de usuario existe o no, lo que permite a atacantes remotos listar nombres de usuarios váalidos.", }, ], id: "CVE-2009-1803", lastModified: "2024-11-21T01:03:24.990", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-05-28T14:30:00.390", references: [ { source: "cve@mitre.org", url: "http://freepbx.org/trac/ticket/3660", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/34772", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/54263", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/34857", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://freepbx.org/trac/ticket/3660", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/34772", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/54263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/34857", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-09-06 17:55
Modified
2024-11-21 01:43
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "07ACFC02-9307-4566-94F4-27D8991719CA", versionEndIncluding: "2.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.", }, { lang: "es", value: "Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en FreePBX v2.9 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro de contexto (1) al panel/index_amp.php o (2) Panel/dhtml/index.php, (3) CLID o (4) parámetros clidname al panel/flash/mypage.php, (5) PATH_INFO para admin/views/freepbx_reload.php, o (6) parámetro login/index.php a las grabaciones.", }, ], id: "CVE-2012-4870", lastModified: "2024-11-21T01:43:38.883", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-09-06T17:55:02.377", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://seclists.org/fulldisclosure/2012/Mar/234", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/48463", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/48475", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.exploit-db.com/exploits/18649", }, { source: "cve@mitre.org", url: "http://www.freepbx.org/trac/ticket/5711", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/52630", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74173", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://seclists.org/fulldisclosure/2012/Mar/234", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/48463", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/48475", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.exploit-db.com/exploits/18649", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.freepbx.org/trac/ticket/5711", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/52630", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74173", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-01-29 20:29
Modified
2024-11-21 04:10
Severity ?
Summary
FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html | Exploit, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/102854 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102854 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:10.13.66:*:*:*:*:*:*:*", matchCriteriaId: "DAB14472-7F62-4AF7-9F83-07CCBA731757", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:14.0.1.24:*:*:*:*:*:*:*", matchCriteriaId: "476EBCD5-7032-4453-8C67-9693A57B7F30", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can \"directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors.", }, { lang: "es", value: "** EN DISPUTA ** FreePBX 10.13.66-32bit y 14.0.1.24 (SNG7-PBX-64bit-1712-2) permite inyección SQL de posautenticación mediante el parámetro order. NOTA: el vendedor discute este problema porque es intencional que un usuario pueda \"modificar directamente las tablas SQL...\". [o] ejecutar scripts shell .... una vez .... conectados a la interfaz de administración; no hay necesidad de intentar encontrar errores de validación de entrada\".", }, ], id: "CVE-2018-6393", lastModified: "2024-11-21T04:10:37.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-01-29T20:29:00.420", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102854", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102854", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-20 17:15
Modified
2024-11-21 03:51
Severity ?
Summary
An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freepbx:freepbx:15.0.1:-:*:*:*:*:*:*", matchCriteriaId: "31CDB8E8-DDC5-4FD0-B92F-0CE8B546728D", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "6B5E032A-03FF-4A60-954C-87D87041C8A4", versionEndExcluding: "13.0.122.43", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "E09C7941-32F4-4FE8-8CC7-2A5C1B79B562", versionEndExcluding: "14.0.18.34", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "0CC65822-E00B-46C8-A7EF-C226C5B14FAE", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:15.0.1:beta4:*:*:*:*:*:*", matchCriteriaId: "7A84BC1D-AB54-4019-B2CF-C0928AD318FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.", }, { lang: "es", value: "Se detecto un problema en el núcleo de FreePBX antes de la versión 3.0.122.43, 14.0.18.34 y 5.0.1beta4. Al crear una solicitud para agregar módulos de Asterisk, un atacante puede almacenar comandos de JavaScript en el nombre de un módulo.", }, ], id: "CVE-2018-15891", lastModified: "2024-11-21T03:51:39.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-20T17:15:09.847", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://www.freepbx.org/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.freepbx.org/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-06 16:15
Modified
2024-11-21 04:34
Severity ?
Summary
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "59469524-BCC0-4BBE-BB19-2B0D8ADC233C", versionEndIncluding: "13.0.76.43", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "63535AD2-3440-4734-A0A7-E27031192C01", versionEndIncluding: "14.0.7", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "CEEE7AED-E091-4D51-B1CD-79AAD5E7F4A1", versionEndIncluding: "15.0.20", versionStartIncluding: "15.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account.", }, { lang: "es", value: "En userman versiones 13.0.76.43 hasta 15.0.20 en Sangoma FreePBX, se presenta una vulnerabilidad de tipo XSS en la pantalla User Management del sitio web del Administrador. Un atacante con acceso a la aplicación User Control Panel puede enviar valores maliciosos en algunos de los campos time/date formatting y time-zone. Estos campos no se están saneando apropiadamente. Si esto se hace y un usuario (como un administrador) visita la pantalla User Management y visualiza el perfil de ese usuario, la carga útil de XSS será renderizada y ejecutada en el contexto de la cuenta del usuario víctima.", }, ], id: "CVE-2019-19551", lastModified: "2024-11-21T04:34:57.130", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-06T16:15:11.030", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-16 21:15
Modified
2024-11-21 04:35
Severity ?
Summary
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "F67046E2-B151-45A7-933E-7A985408AAA8", versionEndIncluding: "13.0.26.9", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "A7EDADFC-4863-4DA9-B10D-B440CAED8A04", versionEndIncluding: "14.0.2.14", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "A3C07E54-5668-44EB-B771-2BA6F3A08B0D", versionEndIncluding: "15.0.15.4", versionStartIncluding: "15.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4.", }, { lang: "es", value: "Se presenta una vulnerabilidad de Inyección XSS en Sangoma FreePBX y PBXact versiones 13, 14 y 15 dentro de la pantalla de reporte Call Event Logging en el módulo cel en el URI admin/config.php?display=cel por medio de campos de fecha. Esto afecta cel versiones hasta 13.0.26.9, versiones 14.x hasta 14.0.2.14 y versiones 15.x hasta 15.0.15.4.", }, ], id: "CVE-2019-19852", lastModified: "2024-11-21T04:35:32.000", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-16T21:15:12.390", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Call+Event+Logging+module", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Call+Event+Logging+module", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-16 16:15
Modified
2024-11-21 04:35
Severity ?
Summary
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "A94B1A93-DE5D-4EDD-8687-EDF03FBEF37B", versionEndIncluding: "13.0.4.7", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "DA6A2345-CC98-477D-9CEF-1202FA8BE9B5", versionEndIncluding: "14.0.24", versionStartIncluding: "14.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "7D1EE583-94CD-44CC-9B8D-56F31E48CB5B", versionEndIncluding: "15.0.2.20", versionStartIncluding: "15.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20.", }, { lang: "es", value: "Se presenta una vulnerabilidad de Inyección de XSS en Sangoma FreePBX y PBXact versiones 13, 14 y 15, dentro de la página Debug/Test del módulo Superfecta en el URI admin/config.php?display=superfecta. Esto afecta a Superfecta versiones hasta 13.0.4.7, versiones 14.x hasta 14.0.24 y versiones 15.x hasta 15.0.2.20.", }, ], id: "CVE-2019-19851", lastModified: "2024-11-21T04:35:31.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-16T16:15:12.110", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-05-28 14:30
Modified
2024-11-21 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freepbx:freepbx:2.4:*:*:*:*:*:*:*", matchCriteriaId: "455E97D6-B069-49D6-B510-3D4112A9E1B3", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.4.0_beta1:*:*:*:*:*:*:*", matchCriteriaId: "BF1E1278-3114-4BD1-B589-30B5313C9502", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.4.0_beta2:*:*:*:*:*:*:*", matchCriteriaId: "32D216B0-31D6-4288-8773-FB2438944492", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.4.1:*:*:*:*:*:*:*", matchCriteriaId: "0A09E3F0-E1A6-4CC4-8134-89DF5DB6EA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.5.0_beta1:*:*:*:*:*:*:*", matchCriteriaId: "11ACC1C9-A2C3-41CA-B608-C474B642A380", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.5.0rc2:*:*:*:*:*:*:*", matchCriteriaId: "D8A021AB-A142-4DAD-9EB0-2352C625D8CC", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.5.0rc3:*:*:*:*:*:*:*", matchCriteriaId: "9C0B173F-2161-4E40-A712-90DA6B997820", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.5.1:*:*:*:*:*:*:*", matchCriteriaId: "613A39A4-976E-4535-9408-533F957F7F87", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.5.2:*:*:*:*:*:*:*", matchCriteriaId: "B5B657C6-A2DF-432A-9F46-1157C630CB20", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9734B50E-BEA8-41DF-835F-7B15A9BB31E8", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "E9645D4F-BB03-49AD-AE79-6FE990BF18FE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information.", }, { lang: "es", value: "Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados(XSS) en FreePBX v2.5.1, y otras v2.4.x, v2.5.x, y versiones pre-release v2.6.x, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través (1) del parámetro display a reports.php, (2) el order y (3) el parámetro extdisplay a config.php, y (4) el parámetro sort a recordings/index.php. NOTA: algunos de estos detalles han sido obtenidos a partir de terceros.", }, ], id: "CVE-2009-1801", lastModified: "2024-11-21T01:03:24.723", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2009-05-28T14:30:00.343", references: [ { source: "cve@mitre.org", url: "http://freepbx.org/trac/ticket/3660", }, { source: "cve@mitre.org", url: "http://osvdb.org/54259", }, { source: "cve@mitre.org", url: "http://osvdb.org/54260", }, { source: "cve@mitre.org", url: "http://osvdb.org/54261", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/34772", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/34857", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50361", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://freepbx.org/trac/ticket/3660", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/54259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/54260", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/54261", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/34772", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/34857", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50361", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-10-07 14:55
Modified
2024-11-21 02:16
Severity ?
Summary
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freepbx | freepbx | 2.10.0.0 | |
| freepbx | freepbx | 2.10.0.1 | |
| freepbx | freepbx | 2.10.0.2 | |
| freepbx | freepbx | 2.10.0.3 | |
| freepbx | freepbx | 2.10.0.4 | |
| freepbx | freepbx | 2.10.0.5 | |
| freepbx | freepbx | 2.10.0.6 | |
| freepbx | freepbx | 2.10.0.7 | |
| freepbx | freepbx | 2.10.0.8 | |
| freepbx | freepbx | 2.10.0.9 | |
| freepbx | freepbx | 2.10.0.10 | |
| freepbx | freepbx | 2.11.1.0 | |
| freepbx | freepbx | 2.11.1.1 | |
| freepbx | freepbx | 2.11.1.2 | |
| freepbx | freepbx | 2.11.1.3 | |
| freepbx | freepbx | 2.11.1.4 | |
| sangoma | freepbx | * | |
| sangoma | freepbx | 2.11.0.0 | |
| sangoma | freepbx | 2.11.0.1 | |
| sangoma | freepbx | 2.11.0.2 | |
| sangoma | freepbx | 2.11.0.3 | |
| sangoma | freepbx | 2.11.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freepbx:freepbx:2.10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6317E737-4318-4986-AC41-9F69BEEE57C1", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A5B24685-54DE-4F76-AC05-3CA32A63E34D", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.10.0.2:*:*:*:*:*:*:*", matchCriteriaId: "182B7950-427E-4F48-968D-125DC480F00F", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.10.0.3:*:*:*:*:*:*:*", matchCriteriaId: "4126EAD1-F307-4252-B951-AF6BA8AB50AF", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.10.0.4:*:*:*:*:*:*:*", matchCriteriaId: "38BD066D-9777-4D58-B283-38C35BD97171", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.10.0.5:*:*:*:*:*:*:*", matchCriteriaId: "7035B567-4728-4E8C-B27C-5C37445C89C8", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.10.0.6:*:*:*:*:*:*:*", matchCriteriaId: "A591ECCE-6DBC-45BE-908F-BC5D8D817DDA", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.10.0.7:*:*:*:*:*:*:*", matchCriteriaId: "A284DA73-FD42-4C79-A4B7-3A1848F3883B", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.10.0.8:*:*:*:*:*:*:*", matchCriteriaId: "F04952AA-A9F1-4C2F-A19A-5DF5D4CB27AD", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.10.0.9:*:*:*:*:*:*:*", matchCriteriaId: "CA512E0C-5E77-4D67-8E49-D6F5B7DCE87F", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.10.0.10:*:*:*:*:*:*:*", matchCriteriaId: "9F29B0F2-C3A3-401C-A8D1-842E1D660BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.11.1.0:*:*:*:*:*:*:*", matchCriteriaId: "61D4517F-EDED-49C3-B0E7-72703D49D78E", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.11.1.1:*:*:*:*:*:*:*", matchCriteriaId: "787A42CA-870B-4595-8234-93C6E3D68A51", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.11.1.2:*:*:*:*:*:*:*", matchCriteriaId: "697C8EA2-5E93-46A8-B604-49DDCEA8B0D9", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.11.1.3:*:*:*:*:*:*:*", matchCriteriaId: "A082A340-769A-4925-AA29-4334B4940F10", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.11.1.4:*:*:*:*:*:*:*", matchCriteriaId: "04B6860F-F3D1-42E4-908D-789E26F00640", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "575E3DA5-B8DE-47CC-A322-50EE531A5365", versionEndIncluding: "2.9.0.8", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:2.11.0.0:*:*:*:*:*:*:*", matchCriteriaId: "90B28D54-5FBD-403C-BA01-3D2CF2F8D8FB", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:2.11.0.1:*:*:*:*:*:*:*", matchCriteriaId: "37704860-CB88-4182-9928-35A2CCDDA0D0", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:2.11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "30DB72FB-2D60-4C78-B2E3-A54857FA382E", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:2.11.0.3:*:*:*:*:*:*:*", matchCriteriaId: "A36B78CA-1130-4045-99C3-339132F4ED66", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:2.11.0.4:*:*:*:*:*:*:*", matchCriteriaId: "0675B567-E2FB-4870-BD42-5CB97DA1B9E9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.", }, { lang: "es", value: "En el archivo htdocs_ari/includes/login.php en el módulo del Framework ARI/Asterisk Recording Interface (ARI) en FreePBX anterior a versión 2.9.0.9, versiones 2.10.x y versiones 2.11 anteriores a 2.11.1.5, permite a los atacantes remotos ejecutar código arbitrario por medio de la cookie ari_auth, relacionada con la función unserialize de PHP, como se explotó “in the wild” en septiembre de 2014.", }, ], id: "CVE-2014-7235", lastModified: "2024-11-21T02:16:34.997", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-10-07T14:55:09.093", references: [ { source: "cve@mitre.org", url: "http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536", }, { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/61601", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/70188", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96790", }, { source: "cve@mitre.org", url: "https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836", }, { source: "cve@mitre.org", url: "https://www.exploit-db.com/exploits/41005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/61601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/70188", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96790", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/41005/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-21 18:15
Modified
2024-11-21 04:33
Severity ?
Summary
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "15601D4B-F4D7-4A59-AA59-F9C28DCF6E33", versionEndIncluding: "13.0.197.13", versionStartIncluding: "13.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "BC783D51-829F-4F40-8C11-8006CFD56701", versionEndIncluding: "14.0.13.11", versionStartIncluding: "14.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "55D2FF3D-ED67-46E2-98D5-E01B14100E9E", versionEndIncluding: "15.0.16.26", versionStartIncluding: "15.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.", }, { lang: "es", value: "Sangoma FreePBX versión 115.0.16.26 y anteriores, versión 14.0.13.11 y anteriores, versión 13.0.197.13 y anteriores, presenta un Control de Acceso Incorrecto.", }, ], id: "CVE-2019-19006", lastModified: "2024-11-21T04:33:58.897", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-21T18:15:11.993", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://pastebin.com/2CdsQMKW", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://www.freepbx.org/category/blog/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://pastebin.com/2CdsQMKW", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.freepbx.org/category/blog/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-09-28 18:00
Modified
2024-11-21 01:18
Severity ?
Summary
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "3022F746-A202-4F08-9B69-4DF7FC850F33", versionEndIncluding: "2.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.", }, { lang: "es", value: "Multiples vulnerabilidades de salto de directorio en page.recordings.php en el componente System Recordings en la interface de cofiguración en interfaz en FreePBX v2.8.0 y anteriores permite a administradores autenticados remotamente crear ficheros a su elección a través de .. (punto punto) en el parámetro usersnum en dmin/config.php, como quedó demostrado en la creacción de un fichero .php bajo la raíz web. \r\n", }, ], id: "CVE-2010-3490", lastModified: "2024-11-21T01:18:51.317", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-09-28T18:00:03.417", references: [ { source: "cve@mitre.org", url: "http://www.exploit-db.com/exploits/15098", }, { source: "cve@mitre.org", url: "http://www.freepbx.org/trac/ticket/4553", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/513947/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/43454", }, { source: "cve@mitre.org", url: "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.exploit-db.com/exploits/15098", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.freepbx.org/trac/ticket/4553", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/513947/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/43454", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-22 19:15
Modified
2024-11-21 06:32
Severity ?
Summary
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://community.freepbx.org/t/0-day-freepbx-exploit/80092 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109 | Vendor Advisory | |
| cve@mitre.org | https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.freepbx.org/t/0-day-freepbx-exploit/80092 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:restapps:15.0.19.87:*:*:*:*:*:*:*", matchCriteriaId: "FBE2B09F-4D55-4B15-ACEC-222A2C3F1B8B", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:restapps:15.0.19.88:*:*:*:*:*:*:*", matchCriteriaId: "2281ABC0-04AF-4E1D-9EE9-B1ED5E6439B2", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:restapps:16.0.18.40:*:*:*:*:*:*:*", matchCriteriaId: "3CAA7BD6-BDF7-4AA3-AB9C-F1B744CEFF63", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:restapps:16.0.18.41:*:*:*:*:*:*:*", matchCriteriaId: "816DE90F-84BC-4966-9082-72579923B454", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:-:*:*:*:*:*:*:*", matchCriteriaId: "56F9D7C9-4F22-4BB6-9F17-CE0DFC2CD659", vulnerable: false, }, { criteria: "cpe:2.3:a:sangoma:pbxact:-:*:*:*:*:*:*:*", matchCriteriaId: "1651BD00-B317-42A0-BC87-247808F8860F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.", }, { lang: "es", value: "FreePBX, cuando es instalado restapps (también se conoce como Rest Phone Apps) versiones 15.0.19.87, 15.0.19.88, 16.0.18.40, o 16.0.18.41, permite a atacantes remotos ejecutar código arbitrario, como es explotado \"in the wild\" en diciembre de 2021. Las versiones corregidas son 15.0.20 y la 16.0.19", }, ], id: "CVE-2021-45461", lastModified: "2024-11-21T06:32:15.343", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-22T19:15:11.807", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://community.freepbx.org/t/0-day-freepbx-exploit/80092", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://community.freepbx.org/t/0-day-freepbx-exploit/80092", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-09-06 17:55
Modified
2024-11-21 01:43
Severity ?
Summary
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*", matchCriteriaId: "E2D8B83D-8DCD-4C5E-886E-A74BCBB5EF8C", versionEndIncluding: "2.10", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:2.9:*:*:*:*:*:*:*", matchCriteriaId: "04919406-CF00-4CEA-8D63-B2F13C93C05F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.", }, { lang: "es", value: "La función callme_startcall en recordings/misc/callme_page.php en FreePBX v2.9, v2.10 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a través del parámetro callmenum en acción alterna.", }, ], id: "CVE-2012-4869", lastModified: "2024-11-21T01:43:38.737", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-09-06T17:55:02.300", references: [ { source: "cve@mitre.org", url: "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html", }, { source: "cve@mitre.org", url: "http://seclists.org/fulldisclosure/2012/Mar/234", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/48463", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.exploit-db.com/exploits/18649", }, { source: "cve@mitre.org", url: "http://www.exploit-db.com/exploits/18659", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.freepbx.org/trac/ticket/5711", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/52630", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2012/Mar/234", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/48463", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.exploit-db.com/exploits/18649", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.exploit-db.com/exploits/18659", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.freepbx.org/trac/ticket/5711", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/52630", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74174", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-02-18 11:55
Modified
2024-11-21 02:05
Severity ?
Summary
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freepbx:freepbx:2.10:*:*:*:*:*:*:*", matchCriteriaId: "2A91F7BB-328B-446A-82F5-006372BB6A55", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.11:*:*:*:*:*:*:*", matchCriteriaId: "218DEE69-9011-4F41-8652-9546A575A066", vulnerable: true, }, { criteria: "cpe:2.3:a:freepbx:freepbx:2.12:*:*:*:*:*:*:*", matchCriteriaId: "2074522D-B309-488E-8FF3-CB04FC862306", vulnerable: true, }, { criteria: "cpe:2.3:a:sangoma:freepbx:2.9:*:*:*:*:*:*:*", matchCriteriaId: "04919406-CF00-4CEA-8D63-B2F13C93C05F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.", }, { lang: "es", value: "admin/libraries/view.functions.php en FreePBX 2.9 anterior a 2.9.0.14, 2.10 anterior a 2.10.1.15, 2.11 anterior a 2.11.0.23 y 12 anterior a 12.0.1alpha22 no restringe el conjunto de funciones accesibles al manejador de la API, lo que permite a atacantes remotos ejecutar código PHP arbitrario a través de los parámetros function y args hacia admin/config.php.", }, ], id: "CVE-2014-1903", lastModified: "2024-11-21T02:05:14.757", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-02-18T11:55:16.977", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html", }, { source: "cve@mitre.org", url: "http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03", }, { source: "cve@mitre.org", url: "http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://issues.freepbx.org/browse/FREEPBX-7117", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://issues.freepbx.org/browse/FREEPBX-7123", }, { source: "cve@mitre.org", url: "http://osvdb.org/103240", }, { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html", }, { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html", }, { source: "cve@mitre.org", url: "http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/531040/100/0/threaded", }, { source: "cve@mitre.org", url: "https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://issues.freepbx.org/browse/FREEPBX-7117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://issues.freepbx.org/browse/FREEPBX-7123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/103240", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/531040/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }