VYPR
Unrated severityNVD Advisory· Published Feb 18, 2014· Updated Jun 17, 2026

CVE-2014-1903

CVE-2014-1903

Description

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • Freepbx/Freepbx5 versions
    cpe:2.3:a:freepbx:freepbx:2.10:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:freepbx:freepbx:2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:freepbx:freepbx:2.11:*:*:*:*:*:*:*
    • cpe:2.3:a:freepbx:freepbx:2.12:*:*:*:*:*:*:*
    • cpe:2.3:a:sangoma:freepbx:2.9:*:*:*:*:*:*:*
    • (no CPE)range: Before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, 12 before 12.0.1alpha22

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.