CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2007-2350
https://notcve.org/view.php?id=CVE-2007-2350
30 Apr 2007 — admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter. admin/config.php en el módulo music-on-hold de freePBX 2.2.x permite a administradores remotos autenticados ejecutar comandos de su elección mediante meta-caracteres de consola de comandos en el parámetro del. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053915.html •
CVSS: 6.8EPSS: 8%CPEs: 9EXPL: 2CVE-2007-2191 – FreePBX 2.2 - SIP Packet Multiple HTML Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2191
24 Apr 2007 — Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php. Múltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en freePBX 2.2.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de ... • https://www.exploit-db.com/exploits/29873 •