Vulnerabilities > Sangoma > Freepbx > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-12-25 CVE-2020-36630 SQL Injection vulnerability in Sangoma Freepbx
A vulnerability was found in FreePBX cdr 14.0.
network
low complexity
sangoma CWE-89
critical
9.8
2014-10-07 CVE-2014-7235 Code Injection vulnerability in multiple products
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
network
low complexity
freepbx sangoma CWE-94
critical
10.0