CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS...

6.1CVSS6.8AI score0.00362EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 2:54 a.m.•2 views

CVE-2023-0480

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF...

8.8CVSS8.6AI score0.00185EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 10:45 p.m.•4 views

CVE-2022-29330

Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors...

4.9CVSS6.9AI score0.00335EPSS

Exploits1References1

OSV•added 2024/02/15 8:15 a.m.•0 views

CVE-2024-24386

An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder...

7.2CVSS6.1AI score0.01357EPSS

Exploits1References2

NVD•added 2024/02/15 8:15 a.m.•13 views

CVE-2024-24386

An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder...

7.2CVSS7.4AI score0.01357EPSS

Exploits1References2

Prion•added 2024/02/15 8:15 a.m.•12 views

Design/Logic Flaw

An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder...

8AI score0.01357EPSS

Exploits1References2

Cvelist•added 2024/02/15 12:0 a.m.•10 views

CVE-2024-24386

An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder...

7.6AI score0.01357EPSS

Exploits1References2

Vulnrichment•added 2024/02/15 12:0 a.m.•15 views

CVE-2024-24386

An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder...

7.7AI score0.01357EPSS

Exploits1References2

CNNVD•added 2024/02/15 12:0 a.m.•1 views

VitalPBX Security Breach

VitalPBX is an Asterisk-based unified communications PBX system. A security vulnerability exists in VitalPBX version v.3.2.4-5 that originates from a vulnerability that allows an attacker to execute arbitrary code via a crafted payload...

7.2CVSS7.6AI score0.01357EPSS

Exploits1References3

CVE•added 2024/02/15 12:0 a.m.•85 views

CVE-2024-24386

CVE-2024-24386 affects VitalPBX v3.2.4-5. An attacker can run arbitrary code via a crafted payload to /var/lib/vitalpbx/scripts, caused by insufficient protection when processing a script from that directory (per PT-Security/Red Hat/NVD entries). Impact is high: remote code execution. Remediation...

7.2CVSS7.6AI score0.01357EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2024/01/25 12:0 a.m.•2 views

PT-2024-1831 · Vitalpbx · Vitalpbx

Name of the Vulnerable Software and Affected Versions: VitalPBX versions 3.2.4 through 3.2.5 Description: The issue is related to insufficient protection of service data when processing a script from the /var/lib/vitalpbx directory, allowing an attacker to execute arbitrary code via a crafted...

7.2CVSS7.6AI score0.01357EPSS

Exploits1References9

OSV•added 2023/04/04 11:15 p.m.•0 views

CVE-2023-0480

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF...

8.8CVSS7.3AI score

Exploits0References2

OSV•added 2023/04/04 11:15 p.m.•1 views

CVE-2023-0486

6.1CVSS5.8AI score0.00362EPSS

Exploits1References2

NVD•added 2023/04/04 11:15 p.m.•11 views

CVE-2023-0486

6.1CVSS6.2AI score0.00362EPSS

Exploits1References2

NVD•added 2023/04/04 11:15 p.m.•7 views

CVE-2023-0480

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF...

8.8CVSS8.6AI score0.00185EPSS

Exploits1References2

Prion•added 2023/04/04 11:15 p.m.•16 views

Cross site scripting

5.8CVSS6.1AI score0.00362EPSS

Exploits1References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by