Dnn · Dnn · CVE-2025-32372
Name of the Vulnerable Software and Affected Versions:
DNN (formerly DotNetNuke) versions prior to 9.13.8
Description:
A bypass has been identified for a previously known vulnerability, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. This issue facilitates a semi-blind Server-Side Request Forgery (SSRF) attack, enabling attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance and bypassing firewalls.
Recommendations:
Update installations running versions prior to 9.13.8 to version 9.13.8, which resolves the issue. As a temporary workaround, consider restricting the server's access to internal networks and URLs to minimize the risk of exploitation.