Vulnerabilities > Sangoma > Freepbx > 2.4.0

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-11-02 | CVE-2023-43336 | Unspecified vulnerability in Sangoma Freepbx | Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. | network, low complexity, sangoma, 8.8 |
| 2022-12-27 | CVE-2019-25090 | Cross-site Scripting vulnerability in Sangoma Freepbx | A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. | network, low complexity, sangoma, CWE-79, 6.1 |
| 2020-03-16 | CVE-2019-19538 | Unspecified vulnerability in Sangoma Freepbx | In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation. | network, low complexity, sangoma, 6.5 |
| 2020-03-16 | CVE-2019-19851 | Cross-site Scripting vulnerability in Sangoma Freepbx | An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. | network, sangoma, CWE-79, 3.5 |
| 2019-10-21 | CVE-2019-16967 | Cross-site Scripting vulnerability in multiple products | An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. | 4.3 |
| 2019-06-20 | CVE-2018-15891 | Cross-site Scripting vulnerability in multiple products | An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. | 3.5 |
| 2014-10-07 | CVE-2014-7235 | Code Injection vulnerability in multiple products | htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014. | network, low complexity, freepbx, sangoma, CWE-94, critical, 10.0 |
| 2012-09-06 | CVE-2012-4870 | Cross-Site Scripting vulnerability in Sangoma Freepbx | Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php. | network, sangoma, CWE-79, 4.3 |
| 2012-09-06 | CVE-2012-4869 | Code Injection vulnerability in Sangoma Freepbx | The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action. | network, low complexity, sangoma, CWE-94, 7.5 |
| 2010-09-28 | CVE-2010-3490 | Path Traversal vulnerability in Sangoma Freepbx | Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. | network, low complexity, sangoma, CWE-22, 6.5 |