CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2019-16967
https://notcve.org/view.php?id=CVE-2019-16967
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager. Se detectó un problema en Manager versiones 13.x anteriores a 13.0.2.6 y versiones 15.x anteriores a 15.0.6 antes del FreePBX versión 14.0.10.3. • https://github.com/FreePBX/manager/commit/071a50983ca6a373bb2d1d3db68e9eda4667a372 https://issues.freepbx.org/browse/FREEPBX-20436 https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2019-16966
https://notcve.org/view.php?id=CVE-2019-16966
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager. Se detectó un problema en Contactmanager versiones 13.x anteriores a 13.0.45.3, versiones 14.x anteriores a 14.0.5.12 y versiones 15.x anteriores a 15.0.8.21 para FreePBX versión 14.0.10.3. • https://github.com/FreePBX/contactmanager/commit/99e5aa0050224289cfe64c9036f38ce2531bf633 https://issues.freepbx.org/browse/FREEPBX-20437 https://resp3ctblog.wordpress.com/2019/10/19/freepbx-xss-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-15891
https://notcve.org/view.php?id=CVE-2018-15891
An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name. Se detecto un problema en el núcleo de FreePBX antes de la versión 3.0.122.43, 14.0.18.34 y 5.0.1beta4. Al crear una solicitud para agregar módulos de Asterisk, un atacante puede almacenar comandos de JavaScript en el nombre de un módulo. • https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode https://www.freepbx.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2018-6393
https://notcve.org/view.php?id=CVE-2018-6393
FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors. ** EN DISPUTA ** FreePBX 10.13.66-32bit y 14.0.1.24 (SNG7-PBX-64bit-1712-2) permite inyección SQL de posautenticación mediante el parámetro order. NOTA: el vendedor discute este problema porque es intencional que un usuario pueda "modificar directamente las tablas SQL...". [o] ejecutar scripts shell .... una vez .... conectados a la interfaz de administración; no hay necesidad de intentar encontrar errores de validación de entrada". • http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html http://www.securityfocus.com/bid/102854 https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 89%CPEs: 22EXPL: 1CVE-2014-7235 – Freepbx < 2.11.1.5 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-7235
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014. En el archivo htdocs_ari/includes/login.php en el módulo del Framework ARI/Asterisk Recording Interface (ARI) en FreePBX anterior a versión 2.9.0.9, versiones 2.10.x y versiones 2.11 anteriores a 2.11.1.5, permite a los atacantes remotos ejecutar código arbitrario por medio de la cookie ari_auth, relacionada con la función unserialize de PHP, como se explotó “in the wild” en septiembre de 2014. FreePBX versions prior to 2.11.1.5 suffer from a code execution vulnerability. • https://www.exploit-db.com/exploits/41005 http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536 http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html http://secunia.com/advisories/61601 http://www.securityfocus.com/bid/70188 https://exchange.xforce.ibmcloud.com/vulnerabilities/96790 https://github.com/FreePBX/fw_ari/commit/f294b4580ce725ca3c5e692d86e63d40cef4d836 • CWE-94: Improper Control of Generation of Code ('Code Injection') •