Sangoma Freepbx
10 CVEs affecting Sangoma Freepbx. Latest disclosed: 2026-05-29. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-46376 | Critical | 9.8 | 2026-05-29 | FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel (UCP) using har… |
CVE-2026-44239 | High | 8.8 | 2026-05-29 | FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input w… |
CVE-2026-44238 | High | 8.8 | 2026-05-29 | FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Au… |
CVE-2026-44237 | High | 8.1 | 2026-05-29 | FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during toke… |
CVE-2024-53564 | Low | 2.2 | 2024-12-02 | A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrat… |
CVE-2014-7235 | | 2014-10-07 | htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows… | |
CVE-2014-1903 | | 2014-02-18 | admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict… | |
CVE-2012-4870 | | 2012-09-06 | Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) contex… | |
CVE-2012-4869 | | 2012-09-06 | The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via th… | |
CVE-2010-3490 | | 2010-09-28 | Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows… |