FreePBX 17.0.2.36 < 17.0.3 Command Injection (GHSA-vm9p-46mv-5xvw)

The version of FreePBX installed on the remote host is 17.0.2.36 or later but prior to 17.0.3. It is, therefore, affected by a command injection vulnerability: - The filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated...

CVE-2025-64328 FreePBX Administration GUI is Vulnerable to Authenticated Command Injection

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the...

FreePBX Endpoint Manager 操作系统命令注入漏洞

FreePBX Endpoint Manager is a centralized IP phone endpoint configuration module from the FreePBX open source. An operating system command injection vulnerability exists in FreePBX Endpoint Manager version 17.0.2.36 through prior to 17.0.3, which stems from a command injection in the testconnecti...

PT-2025-45402

Name of the Vulnerable Software and Affected Versions FreePBX versions 17.0.2.36 through 17.0.3 Description FreePBX Endpoint Manager, a module for managing telephony endpoints, contains a post-authentication command injection flaw within the filestore module of the Administrative interface. This...

EUVD-2025-24808

Malicious code in bioql PyPI...

EUVD-2022-5164

Malicious code in bioql PyPI...

CVE-2025-10770

A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. Remote exploitation of the attack is possible. The exploit ha...

CVE-2025-10771

A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. The attack...

CVE-2025-10771

A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. The attack...

CVE-2025-10771

A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. The attack...

CVE-2025-10771 jeecgboot JimuReport DB2 JDBC testConnection deserialization

A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. The attack...

CVE-2025-10770 jeecgboot JimuReport MySQL JDBC testConnection deserialization

A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. Remote exploitation of the attack is possible. The exploit ha...

PT-2025-38668

Name of the Vulnerable Software and Affected Versions jeecgboot JimuReport versions up to 2.1.2 Description A vulnerability exists in jeecgboot JimuReport up to version 2.1.2. The issue impacts an unknown function within the /drag/onlDragDataSource/testConnection file of the MySQL JDBC Handler...

CVE-2025-8963

A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely...

PT-2025-33270 · Unknown · Jeecgboot Jimureport

Name of the Vulnerable Software and Affected Versions: jeecgboot JimuReport versions up to 2.1.1 Description: A vulnerability exists in jeecgboot JimuReport up to version 2.1.1, related to an unknown functionality within the /drag/onlDragDataSource/testConnection file of the Data Large Screen...

CVE-2024-1032

A vulnerability classified as critical was found in openBI up to 1.0.8. Affected by this vulnerability is the function testConnection of the file /application/index/controller/Databasesource.php of the component Test Connection Handler. The manipulation leads to deserialization. The attack can be...

CVE-2024-1032

CVE-2024-1032 concerns openBI up to v1.0.8, where the vulnerable component is the Test Connection Handler’s function testConnection in /application/index/controller/Databasesource.php. The issue is a deserialization vulnerability that can be exploited remotely, with public disclosure of the explo...

GHSA-PM8V-PPX7-8HR4 Jeecg boot arbitrary file read vulnerability

Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection...

Jeecg boot arbitrary file read vulnerability

Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection...

CVE-2023-41578

Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection...