Vulnerabilities > Sangoma > Freepbx > 2.8.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-02 | CVE-2023-43336 | Unspecified vulnerability in Sangoma Freepbx Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. | 8.8 |
2022-12-27 | CVE-2019-25090 | Cross-site Scripting vulnerability in Sangoma Freepbx A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. | 6.1 |
2020-03-16 | CVE-2019-19538 | Unspecified vulnerability in Sangoma Freepbx In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation. | 6.5 |
2020-03-16 | CVE-2019-19851 | Cross-site Scripting vulnerability in Sangoma Freepbx An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. | 3.5 |
2019-10-21 | CVE-2019-16967 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. | 4.3 |
2019-06-20 | CVE-2018-15891 | Cross-site Scripting vulnerability in multiple products An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. | 3.5 |
2014-10-07 | CVE-2014-7235 | Code Injection vulnerability in multiple products htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014. | 10.0 |
2012-09-06 | CVE-2012-4870 | Cross-Site Scripting vulnerability in Sangoma Freepbx Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php. | 4.3 |
2012-09-06 | CVE-2012-4869 | Code Injection vulnerability in Sangoma Freepbx The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action. | 7.5 |