PT-2014-4353 · Sangoma · Freepbx
Publicado
2014-02-18
·
Atualizado
2019-12-10
·
CVE-2014-1903
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
FreePBX versions 2.9 through 2.9.0.13
FreePBX versions 2.10 through 2.10.1.14
FreePBX versions 2.11 through 2.11.0.22
FreePBX versions 12 through 12.0.1alpha21
Description
The issue allows remote attackers to execute arbitrary PHP code via the
function and args parameters to "admin/config.php".Recommendations
For FreePBX versions 2.9 through 2.9.0.13, update to version 2.9.0.14 or later.
For FreePBX versions 2.10 through 2.10.1.14, update to version 2.10.1.15 or later.
For FreePBX versions 2.11 through 2.11.0.22, update to version 2.11.0.23 or later.
For FreePBX versions 12 through 12.0.1alpha21, update to version 12.0.1alpha22 or later.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Freepbx