Vulnerability in FreePBX
CVE-2014-1903
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attacker…
EPSS: 0.845 (99.3rd percentile)
Affected products
- Freepbx — versions 2.10, 2.11, 2.12
- Sangoma Freepbx — versions 2.9
Weakness classification (CWE)
Public proof-of-concept exploits
Frequently asked questions
- What is CVE-2014-1903?
- CVE-2014-1903 is a vulnerability in FreePBX, classified under CWE-264. Published 2014-02-18.
- Is CVE-2014-1903 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.