CVE-2023-43336
https://notcve.org/view.php?id=CVE-2023-43336
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. • http://freepbx.com http://sangoma.com https://medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826 • CWE-284: Improper Access Control •
CVE-2023-26567
https://notcve.org/view.php?id=CVE-2023-26567
Sangoma FreePBX 1805 through 2302 (when obtained as a .ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call. • https://qsecure.com.cy/resources/advisories/sangoma-freepbx-linux-insecure-permissions https://www.freepbx.org https://www.sangoma.com/products/open-source • CWE-522: Insufficiently Protected Credentials •
CVE-2019-25090 – FreePBX arimanager Views cross site scripting
https://notcve.org/view.php?id=CVE-2019-25090
A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 addresses this issue. • https://github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab https://github.com/FreePBX/arimanager/releases/tag/release%2F13.0.5.4 https://vuldb.com/?ctiid.216878 https://vuldb.com/?id.216878 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-36630 – FreePBX cdr Cdr.class.php ajaxHandler sql injection
https://notcve.org/view.php?id=CVE-2020-36630
A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to SQL injection. Upgrading to version 14.0.5.21 addresses this issue. • https://github.com/FreePBX/cdr/commit/f1a9eea2dfff30fb99d825bac194a676a82b9ec8 https://github.com/FreePBX/cdr/releases/tag/release%2F14.0.5.21 https://vuldb.com/?ctiid.216771 https://vuldb.com/?id.216771 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-45461
https://notcve.org/view.php?id=CVE-2021-45461
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19. • https://community.freepbx.org/t/0-day-freepbx-exploit/80092 https://community.freepbx.org/t/security-issue-potential-rest-phone-apps-rce/80109 https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE •