CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 3CVE-2019-12147 – Sangoma SBC 2.3.23-119-GA Unauthenticated User Creation
https://notcve.org/view.php?id=CVE-2019-12147
18 Oct 2019 — The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to the system (either via the web interface or via SSH) to achieve complete compromise of the device. This affects /var/webconfig/gui/Webconfig.inc.php and /usr/local/sng/bin/sng-user-mgmt. La interfaz web GA de Sangom... • https://packetstorm.news/files/id/154914 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2019-12148 – Sangoma SBC 2.3.23-119-GA Authentication Bypass
https://notcve.org/view.php?id=CVE-2019-12148
18 Oct 2019 — The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can login into the device's admin web portal without providing any credentials. This affects /var/webconfig/gui/Webconfig.inc.php. La interfaz web GA de Sangoma Session Border Controller (SBC) versión 2.3.23-119, es vulnerable a una omisión de au... • https://packetstorm.news/files/id/154915 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-15891
https://notcve.org/view.php?id=CVE-2018-15891
20 Jun 2019 — An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name. Se detecto un problema en el núcleo de FreePBX antes de la versión 3.0.122.43, 14.0.18.34 y 5.0.1beta4. Al crear una solicitud para agregar módulos de Asterisk, un atacante puede almacenar comandos de JavaScript en el nombre de un módulo. • https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 3%CPEs: 2EXPL: 2CVE-2018-6393
https://notcve.org/view.php?id=CVE-2018-6393
29 Jan 2018 — FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors. ** EN DISPUTA ** FreePBX 10.13.66-32bit y 14.0.1.24 (SNG7-PBX-64bit-1712-2) permite inyección SQL de posautenticación mediante el parámetro... • http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17430
https://notcve.org/view.php?id=CVE-2017-17430
07 Dec 2017 — Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface. Sangoma NetBorder / Vega Session Controller en versiones anteriores a la 2.3.12-80-GA permite que atacantes remotos ejecuten comandos arbitrarios mediante la interfaz web. • ftp://ftp.sangoma.com/nsc/2.3/Changelog • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 53%CPEs: 22EXPL: 2CVE-2014-7235 – Freepbx < 2.11.1.5 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-7235
07 Oct 2014 — htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014. En el archivo htdocs_ari/includes/login.php en el módulo del Framework ARI/Asterisk Recording Interface (ARI) en FreePBX anterior a versión 2.9.0.9, versiones 2.10.x y versiones 2.11 anteriores a 2.1... • https://packetstorm.news/files/id/140414 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 84%CPEs: 4EXPL: 3CVE-2014-1903 – FreePBX 2.11.0 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2014-1903
14 Feb 2014 — admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php. admin/libraries/view.functions.php en FreePBX 2.9 anterior a 2.9.0.14, 2.10 anterior a 2.10.1.15, 2.11 anterior a 2.11.0.23 y 12 anterior a 12.0.1alpha22 no restringe el conjunto de f... • https://packetstorm.news/files/id/125856 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 84%CPEs: 2EXPL: 10CVE-2012-4869 – FreePBX 2.9.0/2.10.0 - 'callmenum' Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-4869
06 Sep 2012 — The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action. La función callme_startcall en recordings/misc/callme_page.php en FreePBX v2.9, v2.10 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a través del parámetro callmenum en acción alterna. • https://www.exploit-db.com/exploits/18659 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 8%CPEs: 1EXPL: 5CVE-2012-4870 – FreePBX 2.9.0/2.10.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4870
06 Sep 2012 — Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en FreePBX v2.9 y anteriores permite a atacantes re... • https://www.exploit-db.com/exploits/18649 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 9%CPEs: 1EXPL: 3CVE-2010-3490 – FreePBX 2.8.0 - Recordings Interface Allows Remote Code Execution
https://notcve.org/view.php?id=CVE-2010-3490
28 Sep 2010 — Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root. Multiples vulnerabilidades de salto de directorio en page.recordings.php en el componente System Recordings en la interface de cofiguración en interfaz en FreePBX v2... • https://www.exploit-db.com/exploits/15098 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •