FreePBX is an open source telephony front-end, which has an easy to use graphical user interface that controls and manages Asterisk.
The Framework module of FreePBX is vulnerable to remote code execution as a result of improper sanitization of user-supplied input. The vulnerability is triggered when input passed as arguments to the
**config.php** script is not propery sanitized upon submission to the
**admin/libraries/view.functions.php** script. FreePBX versions 2.9 before 188.8.131.52, 2.10 before 184.108.40.206, 2.11 before 220.127.116.11, and 12 before 12.0.1alpha22 are vulnerable.
Upgrade to version 18.104.22.168, 22.214.171.124, 126.96.36.199, 12.0.1alpha22, or higher.
**telnet** application must exist on the target system.