Known Vulnerabilities for products from Freepbx
Listed below are 12 of the newest known vulnerabilities associated with the vendor "Freepbx".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2019-16967 | An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager modul... | 6.1 - MEDIUM | 2019-10-21 | 2019-12-10 |
| CVE-2019-16966 | An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX... | 6.1 - MEDIUM | 2019-10-21 | 2019-12-10 |
| CVE-2018-15892 | FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=for... | 4.3 - MEDIUM | 2019-06-20 | 2019-06-24 |
| CVE-2018-15891 | An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Aster... | 4.8 - MEDIUM | 2019-06-20 | 2019-12-10 |
| CVE-2014-7235 | htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.... | 10 - HIGH | 2014-10-07 | 2019-12-10 |
| CVE-2014-1903 | admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 befor... | 7.5 - HIGH | 2014-02-18 | 2019-12-10 |
| CVE-2009-4458 | Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote ... | 4.3 - MEDIUM | 2009-12-30 | 2017-08-17 |
| CVE-2009-1803 | FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login ... | 5 - MEDIUM | 2009-05-28 | 2019-12-10 |
| CVE-2009-1802 | Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x ve... | 6.8 - MEDIUM | 2009-05-28 | 2019-12-10 |
| CVE-2009-1801 | Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions,... | 4.3 - MEDIUM | 2009-05-28 | 2019-12-10 |
| CVE-2007-2350 | admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary... | 6.5 - MEDIUM | 2007-04-30 | 2011-03-08 |
| CVE-2007-2191 | Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or... | 6.8 - MEDIUM | 2007-04-24 | 2017-07-29 |
Known software with vulnerabilities from Freepbx
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Freepbx | Contact Manager | 13.0.0 |
| Application | Freepbx | Contactmanager | 13.0.0 |
| Application | Freepbx | Disa | 13.0.6.2 |
| Application | Freepbx | Freepbx | 2.3.0 |
| Application | Freepbx | Manager | - |