4 matches found
FreePBX 2.5.1 - SQL Injection
FreePBX 2.5.1 - SQL Injection Advisory Name: SQL injection in FreePBX 2.5.1 Internal Cybsec Advisory Id: 2010-0103 Vulnerability Class: SQL injection Release Date: 15/01/2010 Affected Applications: Confirmed in FreePBX 2.5.1. Other versions may also be affected. Affected Platforms: Any running...
SQL injection in FreePBX 2.5.1
Exploit for unknown platform in category web applications ============================== SQL injection in FreePBX 2.5.1 ============================== Advisory Name: SQL injection in FreePBX 2.5.1 Internal Cybsec Advisory Id: 2010-0103 Vulnerability Class: SQL injection Release Date: 15/01/2010...
CVE-2009-1801
Multiple cross-site scripting XSS vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the 1 display parameter to reports.php, the 2 order and 3 extdisplay parameters to config.php, and the 4 so...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact...