CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-1903

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.837

EPSS Ranking 99.2%

CVSS Severity

CVSS v2 Score 7.5

References

http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html
http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html
http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03
http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429
http://issues.freepbx.org/browse/FREEPBX-7117
http://issues.freepbx.org/browse/FREEPBX-7123
http://osvdb.org/103240
http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html
http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html
http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice
http://www.securityfocus.com/archive/1/531040/100/0/threaded
https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl
http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html
http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html
http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03
http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429
http://issues.freepbx.org/browse/FREEPBX-7117
http://issues.freepbx.org/browse/FREEPBX-7123
http://osvdb.org/103240
http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html
http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html
http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice
http://www.securityfocus.com/archive/1/531040/100/0/threaded
https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl

Products affected by CVE-2014-1903

Freepbx » Freepbx » Version: 2.10

cpe:2.3:a:freepbx:freepbx:2.10
Freepbx » Freepbx » Version: 2.11

cpe:2.3:a:freepbx:freepbx:2.11
Freepbx » Freepbx » Version: 2.12

cpe:2.3:a:freepbx:freepbx:2.12
Sangoma » Freepbx » Version: 2.9

cpe:2.3:a:sangoma:freepbx:2.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-1903

Products

Pricing

Contact Us