A remote attacker can bypass authentication and create a false FreePBX Administrator account, which then lets them perform any action on the FreePBX system as the FreePBX user (often 'asterisk' or 'apache'). As of 2014/10/01, all versions of FreePBX are affected.
260d4b01eefece16b936fcbf58b1831d277210366a095cd34a9abbeb2d4109df
FreePBX version 2.9 suffers from a remote code execution vulnerability.
d2b9cce20ce59a9ea58ad61bcebc7faee7331c69e786ddbe3786953df0a89e60