CVE-2024-53564

Name of the Vulnerable Software and Affected Versions FreePBX version 17.0.19.17

Description A vulnerability was discovered in FreePBX, allowing high-privilege administrators to insert unwanted files due to a lack of verification of the type of uploaded files. This issue can be exploited for remote code execution. The vulnerability requires authentication, which may lower its priority, but it still needs to be addressed.

Recommendations For FreePBX version 17.0.19.17, patch immediately and review uploaded files for malicious content. Additionally, audit admin access to minimize the risk of exploitation. As a temporary workaround, consider restricting access to the /module admin/upload.php endpoint until a patch is available.