
6 matches found

Nuclei
added yesterday, 15 views

FreePBX >= 17.0.2.36 && < 17.0.3 - Authenticated Command Injection

FreePBX >= 17.0.2.36 && < 17.0.3 - Authenticated Command Injection author: th3y severity: critical description: | FreePBX Endpoint Manager 17.0.2.36 to 17.0.3 contains a command injection caused by improper sanitization in filestore module's testconnection checksshconne...

CVSS 8.6, AI score 7.3, EPSS 0.84417
Exploits: 4, References: 3
Rapid7 Blog
added 2026/03/20 8:3 p.m., 13 views

Metasploit Wrap-Up 03/20/2026

♫ I Just Called ♫ To Say ♫ 7f45 4c46 0201 0100 0000 0000 0000 0000 0300 3e00 0100♫ This release contains 2 new exploit modules, 2 enhancements, and 7 bug fixes. Community contributor Chocapikk submitted both exploit modules this release: one targeting AVideo-Encoder’s getImage.php file and anothe...

CVSS 9.8, AI score 7.6, EPSS 0.84417
Exploits: 6
Packet Storm News
added 2026/03/18 12:0 a.m., 3 views

FreePBX Filestore Module Exposure Scanner

This python script is a lightweight security scanner designed to detect installations of FreePBX and check basic indicators related to the vulnerability CVE-2025-64328...

CVSS 8.6, AI score 6.1, EPSS 0.84417
Exploits: 4
The Hacker News
added 2026/02/27 5:59 p.m., 8 views

900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in...

CVSS 8.6, AI score 6.6, EPSS 0.84417
Exploits: 4
Tenable Nessus
added 2026/02/05 12:0 a.m., 7 views

FreePBX 17.0.2.36 < 17.0.3 Command Injection (GHSA-vm9p-46mv-5xvw)

The version of FreePBX installed on the remote host is 17.0.2.36 or later but prior to 17.0.3. It is, therefore, affected by a command injection vulnerability: - The filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated...

CVSS 8.6, AI score 5.9, EPSS 0.84417
Exploits: 4, References: 2
ATTACKERKB
added 2025/11/07 3:32 a.m., 3 views

CVE-2025-64328

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the...

CVSS 8.6, AI score 5.7, EPSS 0.84417
In wild, Exploits: 4, References: 5, Affected Software: 1