Known Vulnerabilities for products from Freepbx
Listed below are 12 of the newest known vulnerabilities associated with the vendor "Freepbx".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40520 json | Not Provided | 2026-04-21 | 2026-04-21 | |
| CVE-2019-16967 json | An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager modul... | 6.1 - MEDIUM | 2019-10-21 | 2019-12-10 |
| CVE-2019-16966 json | An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX... | 6.1 - MEDIUM | 2019-10-21 | 2019-12-10 |
| CVE-2018-15892 json | FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=for... | 4.3 - MEDIUM | 2019-06-20 | 2019-06-24 |
| CVE-2018-15891 json | An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Aster... | 4.8 - MEDIUM | 2019-06-20 | 2019-12-10 |
| CVE-2014-7235 json | htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.... | 10 - HIGH | 2014-10-07 | 2019-12-10 |
| CVE-2014-1903 json | admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 befor... | 7.5 - HIGH | 2014-02-18 | 2019-12-10 |
| CVE-2009-4458 json | Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote ... | Not Provided | 2009-12-30 | 2026-04-23 |
| CVE-2009-1803 json | FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login ... | Not Provided | 2009-05-28 | 2026-04-23 |
| CVE-2009-1802 json | Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x ve... | Not Provided | 2009-05-28 | 2026-04-23 |
| CVE-2009-1801 json | Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions,... | Not Provided | 2009-05-28 | 2026-04-23 |
| CVE-2007-2350 json | admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary... | Not Provided | 2007-04-30 | 2026-04-23 |
| CVE-2007-2191 json | Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or... | Not Provided | 2007-04-24 | 2026-04-23 |
Known software with vulnerabilities from Freepbx
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Freepbx | Contactmanager | 13.0.0 |
| Application | Freepbx | Contact Manager | 13.0.0 |
| Application | Freepbx | Disa | 13.0.6.2 |
| Application | Freepbx | Freepbx | 10.13.66 |
| Application | Freepbx | Manager | - |