7 matches found
A vulnerability in Rest Phone Apps, a web interface for controlling IP telephony systems such as FreePBX, allows an intruder to execute arbitrary code.
The vulnerability in the Rest Phone Apps web interface for controlling IP telephony systems like FreePBX lies in the ability to inject code into URLs. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2021-45461
FreePBX, when restapps aka Rest Phone Apps 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19...
CVE-2021-45461
FreePBX, when restapps aka Rest Phone Apps 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19...
Design/Logic Flaw
FreePBX, when restapps aka Rest Phone Apps 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19...
CVE-2021-45461
CVE-2021-45461 affects FreePBX with restapps (aka Rest Phone Apps) versions 15.0.19.87–15.0.19.88 and 16.0.18.40–16.0.18.41. The vulnerability allows remote attackers to execute arbitrary code. It was exploited in the wild in December 2021. The fixed releases are 15.0.20 and 16.0.19. Remediation:...
PT-2021-7259
Name of the Vulnerable Software and Affected Versions: FreePBX versions 15.0.19.87 through 15.0.19.88; FreePBX versions 16.0.18.40 through 16.0.18.41. Description: The issue allows remote attackers to execute arbitrary code. This has been exploited in the wild, with reports of attacks starting in...
CVE-2020-10666
The Restapps (Rest Phone apps) module in Sangoma FreePBX and PBXact (versions 13–15 up to 15.0.19.2) is vulnerable to remote code execution via a URL variable to an AMI command. Root cause is a flaw in Restapps’ handling of AMI commands that allows injection. Impact per sources is high (remote, n...