Vitalpbx Security Vulnerabilities and Issues — Vitalpbx CVE List

Lucene search

VitalpbxVitalpbx

4 matches found

CVE•added 2024/02/15 8:15 a.m.•68 views

CVE-2024-24386

An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder.

7.2CVSS7.6AI score0.01002EPSS

CVE•added 2022/06/24 4:15 p.m.•50 views

CVE-2022-29330

Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.

4.9CVSS5AI score0.00335EPSS

CVE•added 2023/04/04 11:15 p.m.•43 views

CVE-2023-0486

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS.

6.1CVSS6.1AI score0.00118EPSS

CVE•added 2023/04/04 11:15 p.m.•39 views

CVE-2023-0480

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF.

8.8CVSS8.5AI score0.00089EPSS