Filtered by vendor Sangoma
Filtered by product Freepbx
Total: 24 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-16967 | 2 Freepbx, Sangoma | 2 Manager, Freepbx | 2024-08-05 | 6.1 Medium |
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager. | ||||
CVE-2020-36630 | 1 Sangoma | 1 Freepbx | 2024-08-04 | 5.5 Medium |
A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to SQL injection. Upgrading to version 14.0.5.21 is able to address this issue. The name of the patch is f1a9eea2dfff30fb99d825bac194a676a82b9ec8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216771. | ||||
CVE-2020-10666 | 1 Sangoma | 2 Freepbx, Restapps | 2024-08-04 | 9.8 Critical |
The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command. | ||||
CVE-2021-45461 | 1 Sangoma | 3 Freepbx, Pbxact, Restapps | 2024-08-04 | 9.8 Critical |
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19. |