Sangoma · FreePBX · CVE-2014-7235
**Name of the Vulnerable Software and Affected Versions**
FreePBX versions prior to 2.9.0.9
FreePBX versions 2.10.x
FreePBX versions prior to 2.11.1.5
**Description**
The issue allows remote attackers to execute arbitrary code via the `ari_auth` cookie, related to the PHP `unserialize` function. This has been exploited in the wild.
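The bug class named above, shown as an added illustration that is not FreePBX source code: a cookie passed straight to `unserialize`, next to a hardened form that carries only JSON data and is authenticated with an HMAC before it is parsed. The cookie layout, the function names and `DEMO_KEY` are hypothetical.

```php
<?php
// Added illustration, not FreePBX code. All names here are hypothetical.
const DEMO_KEY = 'replace-with-a-random-server-side-secret'; // assumption: kept off the client

// Unsafe pattern: client-controlled bytes reach unserialize(), which can
// instantiate any loaded class and trigger its magic methods.
function load_auth_unsafe(string $cookie)
{
    return unserialize(base64_decode($cookie));
}

// Hardened: the cookie is "<base64 JSON>.<hex HMAC-SHA256 of that base64>".
function make_auth_cookie(array $claims): string
{
    $body = base64_encode(json_encode($claims));
    return $body . '.' . hash_hmac('sha256', $body, DEMO_KEY);
}

function load_auth_safe(string $cookie): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$body, $mac] = $parts;
    // Constant-time MAC check happens before the payload is decoded at all.
    if (!hash_equals(hash_hmac('sha256', $body, DEMO_KEY), $mac)) {
        return null;
    }
    $json = base64_decode($body, true);
    if ($json === false) {
        return null;
    }
    // json_decode yields only scalars and arrays, never objects of app classes.
    $claims = json_decode($json, true);
    return is_array($claims) ? $claims : null;
}

// Constructed sample input: one valid cookie and a copy with its first byte altered.
$valid    = make_auth_cookie(['user' => 'alice', 'exp' => 1900000000]);
$tampered = 'X' . substr($valid, 1);
var_dump(load_auth_safe($valid));
var_dump(load_auth_safe($tampered));
```

On PHP 7.0 and later, `unserialize($data, ['allowed_classes' => false])` also blocks object instantiation where the serialized format cannot be replaced.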
**Recommendations**
For versions prior to 2.9.0.9, update to version 2.9.0.9 or later.
For versions 2.10.x, consider upgrading to a newer version series.
For versions prior to 2.11.1.5, update to version 2.11.1.5 or later.
As a temporary workaround, consider restricting access to the `htdocs_ari/includes/login.php` file until a patch is available.