Freepbx@* Security Vulnerabilities and Issues — Freepbx@* CVE List

Lucene search

SangomaFreepbx*

4 matches found

CVE•added 2020/03/16 9:15 p.m.•91 views

CVE-2019-19538

In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.

7.2CVSS7.2AI score0.0153EPSS

CVE•added 2020/03/16 4:15 p.m.•53 views

CVE-2019-19851

An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20.

4.8CVSS5.1AI score0.00285EPSS

CVE•added 2020/03/16 9:15 p.m.•52 views

CVE-2019-19615

Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code ...

4.8CVSS5.2AI score0.00306EPSS

CVE•added 2020/03/16 9:15 p.m.•41 views

CVE-2019-19852

An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4.

4.8CVSS5AI score0.00306EPSS