20 matches found
CVE-2025-59429 FreePBX core module vulnerable to reflected cross-site scripting via Asterisk HTTP Status page
FreePBX is an open source GUI for managing Asterisk. In versions prior to 16.0.68.39 for FreePBX 16 and versions prior to 17.0.18.38 for FreePBX 17, a reflected cross-site scripting vulnerability is present on the Asterisk HTTP Status page. The Asterisk HTTP status page is exposed by FreePBX and ...
EUVD-2019-7444
Malware in sbrugna...
EUVD-2018-7747
Malware in sbrugna...
EUVD-2024-51996
Malicious code in bioql PyPI...
EUVD-2021-34121
Malicious code in bioql PyPI...
EUVD-2023-30362
Malicious code in bioql PyPI...
EUVD-2021-32227
Malicious code in bioql PyPI...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx
CVE-2025-57819 FreePBX This repositor...
CVE-2025-59056
FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the module's database tables, which is where mo...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx
PoC exploit for CVE-2025-57819, a Remote Code Execution (RCE) vu...
CVE-2024-53564
A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded valid FreePBX module files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege administrators are...
CVE-2019-25090
A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading...
CVE-2019-19538
Sangoma FreePBX 13 through 15 and the sysadmin (aka System Admin) module 13.0.92 through 15.0.13.6 have a Remote Command Execution vulnerability that results in Privilege Escalation...
CVE-2018-15891
An issue was discovered in FreePBX core before 13.0.122.43, 14.0.18.34, and 15.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name...
FreePBX File Upload Vulnerability
FreePBX, formerly known as Asterisk Management Portal, is a set of tools from the FreePBX project for configuring the Asterisk IP telephony system through a web-based graphical user interface (GUI). A file upload vulnerability exists in FreePBX. The vulnerability stems from the application's lack of effective...
CVE-2023-26566
Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API...
PT-2024-12105 · Sangoma · Sangoma Freepbx
Name of the Vulnerable Software and Affected Versions: Sangoma FreePBX versions 1805 through 2203 Description: The issue concerns hardcoded credentials for the Asterisk REST Interface (ARI) in Sangoma FreePBX, allowing remote attackers to reconfigure Asterisk and make external and internal calls vi...
PT-2023-20732 · Mariadb +3 · Mariadb +3
Name of the Vulnerable Software and Affected Versions: Sangoma FreePBX versions 1805 through 2302 Description: The issue exposes cleartext authentication credentials for the Asterisk database (MariaDB/MySQL) and the Asterisk Manager Interface (AMI) by placing AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS ...
New Mirai Botnet Variant 'V3G4' Exploiting 13 Flaws to Target Linux and IoT Devices
A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. Observed during the second half of 2022, the new version has been dubbed V3G4 by Palo Alto Networks Unit 42, which identified three different...
VulnCheck KEV: CVE-2012-4869
The callmestartcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action...
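The CVE-2012-4869 entry above says arbitrary commands reach Asterisk through the callmenum parameter of the FreePBX callme page in a c action. A practitioner who cannot patch immediately, or who wants to know whether the page was ever probed, would want a log check for that parameter. The following script is an added example written for this page; it is not code from FreePBX, from the CVE, or from any exploit. It parses web-server access logs in Combined Log Format, finds requests to the callme page (the path as given in the CVE text, accepting the spelling with or without the underscore), and flags callmenum values containing characters a dial string never needs. The character classes, the sample log lines and the source addresses are all constructed assumptions of the example, not a signature taken from the advisory.

```python
"""Heuristic detector for CVE-2012-4869-style abuse of the FreePBX callme page.

Scans Combined Log Format access logs for requests to
recordings/misc/callme_page.php whose ``callmenum`` value carries CR/LF,
shell metacharacters, quotes or slashes.  The character lists are an
assumption of this example (a dial string is digits plus '+', '*', '#');
loosen them if your dialplan legitimately uses other characters.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Combined Log Format: ip ident user [ts] "METHOD url PROTO" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)

# Page named in the CVE text; the optional underscore tolerates both spellings
# seen in vulnerability feeds.
CALLME_PATH_RE = re.compile(r'/recordings/misc/callme_?page\.php$', re.IGNORECASE)

# Characters that can terminate or chain commands, or inject protocol lines.
METACHARS = set(';|&`$(){}<>\'"\\/\r\n')
# Anything outside a plain dial string is at least worth a look.
NON_DIALSTRING_RE = re.compile(r'[^0-9+*#]')

# Constructed sample log (not real traffic). Addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /recordings/misc/callme_page.php?action=c&callmenum=1000 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /recordings/misc/callme_page.php?action=c&callmenum=1000%3Bid HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "GET /recordings/misc/callme_page.php?action=c&callmenum=1000%0D%0Aid HTTP/1.1" 200 512 "-" "python-requests/2.31"
192.0.2.10 - - [10/Oct/2023:13:56:02 +0000] "GET /admin/config.php?display=extensions&extdisplay=1000%3Bid HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.11 - - [10/Oct/2023:13:56:10 +0000] "GET /recordings/misc/callme_page.php?action=c&callmenum=%2B15551234567 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
this line is not a log record
"""


def parse_line(line):
    """Return a dict with ip, ts, path and decoded query for one log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec['url'])
    rec['path'] = parts.path
    # parse_qs percent-decodes values, so %3B becomes ';' and %0D%0A becomes CR LF.
    rec['query'] = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    return rec


def classify_callmenum(value):
    """Return a reason string if the value looks like an injection attempt, else None."""
    bad = {c for c in value if c in METACHARS}
    if bad:
        return 'metacharacters ' + repr(''.join(sorted(bad)))
    if NON_DIALSTRING_RE.search(value):
        return 'non-dialstring characters'
    return None


def find_callmenum_abuse(log_text):
    """Scan log text and return one finding per suspicious callme request."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or not CALLME_PATH_RE.search(rec['path']):
            continue
        num = rec['query'].get('callmenum')
        if num is None:
            continue
        reason = classify_callmenum(num)
        if reason:
            findings.append({
                'ip': rec['ip'], 'ts': rec['ts'], 'status': int(rec['status']),
                'action': rec['query'].get('action'), 'callmenum': num, 'reason': reason,
            })
    return findings


if __name__ == '__main__':
    for f in find_callmenum_abuse(SAMPLE_LOG):
        print(f"{f['ip']} {f['ts']} action={f['action']} callmenum={f['callmenum']!r}: {f['reason']}")
```

Run it against a real log with `find_callmenum_abuse(open('access.log').read())`. A match is a prompt to inspect, not proof of compromise: the real question is whether the affected FreePBX version is still installed, and the definitive fix is upgrading, after which any hit on this page should be treated as scanner noise.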