FreePBX 13.0.35 - SQL Injection

Exploit for php platform in category web applications Vulnerable software : Freepbx Tested version : 13.0.35 vendor : freepbx.org Author : i-Hmx Email : email protected Home : sec4ever.com Freepbx suffer from unauthenticated sql injection flaw due to insufficient sanitization of "display" paramet...

CVE-2014-1903

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args...

Log1 CMS writeInfo() PHP Code Injection

This module exploits the "Ajax File and Image Manager" component that can be found in log1 CMS. In function.base.php of this component, the 'data' parameter in writeInfo allows any malicious user to have direct control of writing data to file data.php, which results in arbitrary remote code...