CVE-2021-45461

FreePBX, when restapps aka Rest Phone Apps 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19...

CVE-2021-45461

CVE-2021-45461 affects FreePBX with restapps (aka Rest Phone Apps) versions 15.0.19.87–15.0.19.88 and 16.0.18.40–16.0.18.41. The vulnerability allows remote attackers to execute arbitrary code. It was exploited in the wild in December 2021. The fixed releases are 15.0.20 and 16.0.19. Remediation:...

CVE-2021-45461

FreePBX, when restapps aka Rest Phone Apps 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19...

PT-2021-7259

Name of the Vulnerable Software and Affected Versions FreePBX versions 15.0.19.87 through 15.0.19.88 FreePBX versions 16.0.18.40 through 16.0.18.41 Description The issue allows remote attackers to execute arbitrary code. This has been exploited in the wild, with reports of attacks starting in...

FreePBX 安全漏洞

FreePBX formerly known as Asterisk Management Portal is a set of tools for configuring Asterisk IP phone systems via a GUI web-based graphical interface from the FreePBX Freepbx project. freePBX restapps has a security vulnerability that could be exploited by remote attackers to execute arbitrary...

FreePBX 13.x <= 13.0.93.2, 14.x <= 14.0.22.2, 15.x <= 15.0.19.2 RCE Vulnerability

FreePBX is prone to a remote code execution RCE vulnerability. NOTE: This VT is reporting a false positive and therefore has been deprecated. The vulnerability exists in the Restapps / Phone apps module and not in the core framework itself. SPDX-FileCopyrightText: 2021 Greenbone AG Some text...

CVE-2020-10666

The restapps aka Rest Phone apps module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command...

Command injection

The restapps aka Rest Phone apps module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command...

CVE-2020-10666

The restapps aka Rest Phone apps module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command...

CVE-2020-10666

The Restapps (Rest Phone apps) module in Sangoma FreePBX and PBXact (versions 13–15 up to 15.0.19.2) is vulnerable to remote code execution via a URL variable to an AMI command. Root cause is a flaw in Restapps’ handling of AMI commands that allows injection. Impact per sources is high (remote, n...