13 matches found
EUVD-2023-12536
Malicious code in bioql PyPI...
CVE-2023-0480
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF...
CVE-2024-24386
An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder...
Design/Logic Flaw
An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder...
CVE-2024-24386
CVE-2024-24386 affects VitalPBX v3.2.4-5. An attacker can run arbitrary code via a crafted payload to /var/lib/vitalpbx/scripts, caused by insufficient protection when processing a script from that directory (per PT-Security/Red Hat/NVD entries). Impact is high: remote code execution. Remediation...
CVE-2024-24386
An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder...
CVE-2023-0486
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS...
Cross site scripting
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS...
Cross site request forgery (CSRF)
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF...
CVE-2023-0486
CVE-2023-0486 affects VitalPBX version 3.2.3-8, where an unauthenticated attacker can obtain the instance administrator account via a malicious link due to a cross-site scripting (XSS) flaw. The connected documents consistently identify the same vulnerability and affected version; no official pat...
CVE-2023-0480
CVE-2023-0480 affects VitalPBX 3.2.3-8, where an unauthenticated external attacker can leverage a CSRF flaw to obtain the administrator’s account. The vulnerability is documented across multiple sources and versions, with the impact described as compromising admin access. Mitigation guidance foun...
VitalPBX Access Control Error Vulnerability
VitalPBX is an Asterisk-based unified communications PBX system. It supports deployment on both virtual and physical machines, as well as in cloud server environments. An Access Control Error vulnerability exists in VitalPBX versions prior to 3.2.1, which stems from a lack of access control in the...
CVE-2022-29330
Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemail files via unspecified vectors...