Vulnerabilities > Sangoma > Freepbx > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-02 CVE-2023-43336 Unspecified vulnerability in Sangoma Freepbx
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
network
low complexity
sangoma
8.8
2019-11-21 CVE-2019-19006 Improper Authentication vulnerability in Sangoma Freepbx 13.0.0.0/13.0.1
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
network
low complexity
sangoma CWE-287
7.5
2018-01-29 CVE-2018-6393 SQL Injection vulnerability in Sangoma Freepbx 10.13.66/14.0.1.24
FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter.
network
low complexity
sangoma CWE-89
7.2
2014-02-18 CVE-2014-1903 Permissions, Privileges, and Access Controls vulnerability in multiple products
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
network
low complexity
freepbx sangoma CWE-264
7.5
2012-09-06 CVE-2012-4869 Code Injection vulnerability in Sangoma Freepbx
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
network
low complexity
sangoma CWE-94
7.5