VYPR

Vendor CVEs

Freepbx

All CVEs

85 total · sorted by risk
  • CVE-2026-46376 · Critical · May 29, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel (UCP) using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP.…

  • CVE-2017-17430 · Critical · Dec 7, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.

  • CVE-2025-61678 · High · Oct 14, 2025
    risk 0.60 · CVSS n/a · EPSS 0.50

    FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains an authenticated arbitrary file upload vulnerability affecting…

  • CVE-2025-61675 · High · Oct 14, 2025
    risk 0.59 · CVSS n/a · EPSS 0.39

    FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple…

  • CVE-2026-44239 · High · May 29, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $_REQUEST['rawname'] parameter is concatenated into an include() call with a .class.php…

  • CVE-2026-44238 · High · May 29, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full…

  • CVE-2025-62173 · High · Dec 4, 2025
    risk 0.56 · CVSS n/a · EPSS 0.00

    Authenticated SQL injection vulnerability in the Endpoint module REST API.

  • CVE-2025-59051 · High · Oct 14, 2025
    risk 0.56 · CVSS n/a · EPSS 0.01

    The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied input allows…

  • CVE-2023-26566 · High · May 14, 2024
    risk 0.56 · CVSS 8.6 · EPSS 0.01

    Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API.

  • CVE-2026-44237 · High · May 29, 2026
    risk 0.53 · CVSS 8.1 · EPSS 0.00

    FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid client_id is required. The validateClient() method in ClientRepository.php…

  • CVE-2026-26978 · High · May 18, 2026
    risk 0.49 · CVSS n/a · EPSS 0.01

    FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. During backup restore operations, FreePBX…

  • CVE-2017-9358 · High · Jun 2, 2017
    risk 0.49 · CVSS 7.5 · EPSS 0.03

    A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion…

  • CVE-2018-6393 · High · Jan 29, 2018
    risk 0.47 · CVSS 7.2 · EPSS 0.02

    FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged…

  • CVE-2025-67513 · Medium · Dec 10, 2025
    risk 0.45 · CVSS n/a · EPSS 0.00

    FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password…

  • CVE-2026-40520 · High · Apr 21, 2026
    risk 0.40 · CVSS 7.2 · EPSS 0.01

    FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to shell_exec() without sanitization or escaping. An authenticated user with a valid bearer token…

  • CVE-2015-2690 · Medium · Aug 2, 2017
    risk 0.40 · CVSS 6.1 · EPSS 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbitrary web script or HTML via the (1) add_license_key, (2) add_license_first_name,…

  • CVE-2024-47071 · Medium · Oct 1, 2024
    risk 0.37 · CVSS 6.8 · EPSS 0.00

    OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4.

  • CVE-2025-55739 · Medium · Sep 5, 2025
    risk 0.26 · CVSS n/a · EPSS 0.01

    api is a module for FreePBX, which is an open source GUI that controls and manages Asterisk (PBX). In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that installed the same FreePBX…

  • CVE-2025-55209 · Medium · Sep 4, 2025
    risk 0.26 · CVSS n/a · EPSS 0.00

    contactmanager is a module for FreePBX, which is an open source GUI that controls and manages Asterisk (PBX). In versions 15.0.14 and below, 16.0.0 through 16.0.26.4 and 17.0.0 through 17.0.5, a stored cross-site scripting (XSS) vulnerability in FreePBX allows a…

  • CVE-2026-45362 · Low · May 12, 2026
    risk 0.21 · CVSS 3.2 · EPSS 0.00

    Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file.

  • CVE-2025-64328 · KEV · Nov 7, 2025
    risk 0.21 · CVSS n/a · EPSS 0.84

    FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known…

  • CVE-2025-57819 · KEV · Aug 28, 2025
    risk 0.21 · CVSS n/a · EPSS 0.93

    FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code…

  • CVE-2019-19006 · KEV · Nov 21, 2019
    risk 0.14 · CVSS n/a · EPSS 0.37

    Sangoma FreePBX 15.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.

  • CVE-2012-4869 · Sep 6, 2012
    risk 0.09 · CVSS n/a · EPSS 0.70

    The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.

  • CVE-2014-1903 · Feb 18, 2014
    risk 0.07 · CVSS n/a · EPSS 0.52

    admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the…

  • CVE-2013-4868 · Dec 27, 2019
    risk 0.05 · CVSS n/a · EPSS 0.05

    Karotz API 12.07.19.00: Session Token Information Disclosure

  • CVE-2010-3490 · Sep 28, 2010
    risk 0.04 · CVSS n/a · EPSS 0.10

    Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to…

  • CVE-2025-66039 · Dec 9, 2025
    risk 0.03 · CVSS n/a · EPSS 0.03

    FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated…

  • CVE-2012-4870 · Sep 6, 2012
    risk 0.03 · CVSS n/a · EPSS 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to…

  • CVE-2009-4458 · Dec 30, 2009
    risk 0.03 · CVSS n/a · EPSS 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description…

  • CVE-2007-2191 · Apr 24, 2007
    risk 0.03 · CVSS n/a · EPSS 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and…

  • CVE-2006-7107 · Mar 3, 2007
    risk 0.03 · CVSS n/a · EPSS 0.02

    PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter.

  • CVE-2021-45461 · Dec 22, 2021
    risk 0.01 · CVSS n/a · EPSS 0.22

    FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.

  • CVE-2026-28287 · Mar 5, 2026
    risk 0.00 · CVSS n/a · EPSS 0.08

    FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, multiple command injection vulnerabilities exist in the recordings module. This issue has been patched in versions 16.0.20 and 17.0.5.

  • CVE-2026-28284 · Mar 5, 2026
    risk 0.00 · CVSS n/a · EPSS 0.00

    FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5.

  • CVE-2026-28210 · Mar 5, 2026
    risk 0.00 · CVSS n/a · EPSS 0.00

    FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7.

  • CVE-2026-28209 · Mar 5, 2026
    risk 0.00 · CVSS n/a · EPSS 0.01

    FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech (TTS) engine in the recordings module. This issue has been patched…

  • CVE-2025-55210 · Feb 12, 2026
    risk 0.00 · CVSS n/a · EPSS 0.00

    FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api (PBX API) is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to…

  • CVE-2025-67736 · Dec 16, 2025
    risk 0.00 · CVSS n/a · EPSS 0.06

    tts (Text to Speech) is a module for FreePBX, an open-source web-based graphical user interface (GUI) that manages Asterisk. Versions prior to 16.0.5 and 17.0.5 are vulnerable to SQL injection by authenticated users with administrator access. Authenticated users with…

  • CVE-2025-67722 · Dec 16, 2025
    risk 0.00 · CVSS n/a · EPSS 0.00

    FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to versions 16.0.45 and 17.0.24 of the FreePBX framework, an authenticated local privilege escalation exists in the deprecated FreePBX startup script `amportal`. In the deprecated…

  • CVE-2024-58294 · Dec 11, 2025
    risk 0.00 · CVSS n/a · EPSS 0.03

    FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command…

  • CVE-2025-59429 · Oct 14, 2025
    risk 0.00 · CVSS n/a · EPSS 0.00

    FreePBX is an open source GUI for managing Asterisk. In versions prior to 16.0.68.39 for FreePBX 16 and versions prior to 17.0.18.38 for FreePBX 17, a reflected cross-site scripting vulnerability is present on the Asterisk HTTP Status page. The Asterisk HTTP status page is…

  • CVE-2025-59056 · Sep 15, 2025
    risk 0.00 · CVSS n/a · EPSS 0.00

    FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the module's database tables,…

  • CVE-2025-55211 · Sep 15, 2025
    risk 0.00 · CVSS n/a · EPSS 0.00

    FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed…

  • CVE-2025-32105 · Jun 3, 2025
    risk 0.00 · CVSS n/a · EPSS 0.01

    A buffer overflow in the Sangoma IMG2020 HTTP server through 2.3.9.6 allows an unauthenticated user to achieve remote code execution.

  • CVE-2024-53566 · Dec 2, 2024
    risk 0.00 · CVSS n/a · EPSS 0.00

    An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal.

  • CVE-2024-53564 · Dec 2, 2024
    risk 0.00 · CVSS n/a · EPSS 0.00

    A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege…

  • CVE-2023-43336 · Nov 2, 2023
    risk 0.00 · CVSS n/a · EPSS 0.01

    Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.

  • CVE-2023-26567 · Apr 26, 2023
    risk 0.00 · CVSS n/a · EPSS 0.01

    Sangoma FreePBX 1805 through 2302 (when obtained as an .ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface.…

  • CVE-2019-25090 · Dec 27, 2022
    risk 0.00 · CVSS n/a · EPSS 0.01

    A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched…

Page 1 of 2
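The listing above is sorted by the site's own risk score, which places the three KEV entries (CVE-2025-64328 at EPSS 0.84, CVE-2025-57819 at EPSS 0.93, CVE-2019-19006 at EPSS 0.37) below a run of entries with EPSS 0.00. A responder patching a FreePBX box usually wants the opposite order: known-exploited first, then by exploitation probability, then by severity, and only for CVEs whose affected-version ranges actually cover the installed module versions. The following added example does that for the entries on this page that state explicit version ranges; it is not code from VYPR or from the FreePBX project. The ranges are transcribed from the descriptions above, treating "prior to 16.0.92 for FreePBX 16" as the interval from 16.0.0 up to but excluding 16.0.92 (an assumption about branch start), and "17.0.1 through 17.0.9" as inclusive at both ends. CVE-2025-57819 is omitted because this page gives it no fixed version. The module names (endpoint, cdr, api, dashboard) are labels chosen here, and INSTALLED is a constructed sample inventory, not the output of any real system.

```python
# Added example, not part of the VYPR listing or the FreePBX project:
# re-rank a subset of the listed CVEs (KEV first, then EPSS, then CVSS)
# and keep only those whose affected-version ranges cover an installed
# module version. Ranges are transcribed from the listing text; lower
# bounds at X.0.0 are an assumption about where each branch starts.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# (module, lo_inclusive, hi, hi_inclusive): affected when lo <= v < hi,
# or lo <= v <= hi when hi_inclusive is True.
Range = Tuple[str, str, str, bool]


@dataclass(frozen=True)
class Cve:
    id: str
    cvss: Optional[float]   # None where the listing shows no CVSS score
    epss: float
    kev: bool               # marked KEV (known exploited) in the listing
    ranges: Tuple[Range, ...]


LISTING = (
    Cve("CVE-2025-64328", None, 0.84, True,
        (("endpoint", "17.0.2.36", "17.0.3", False),)),
    Cve("CVE-2025-61678", None, 0.50, False,
        (("endpoint", "16.0.0", "16.0.92", False), ("endpoint", "17.0.0", "17.0.6", False))),
    Cve("CVE-2025-61675", None, 0.39, False,
        (("endpoint", "16.0.0", "16.0.92", False), ("endpoint", "17.0.0", "17.0.6", False))),
    Cve("CVE-2025-59051", None, 0.01, False,
        (("endpoint", "16.0.0", "16.0.92", False), ("endpoint", "17.0.0", "17.0.6", False))),
    Cve("CVE-2025-67513", None, 0.00, False,
        (("endpoint", "16.0.0", "16.0.96", False), ("endpoint", "17.0.1", "17.0.9", True))),
    Cve("CVE-2026-44239", 8.8, 0.00, False,
        (("dashboard", "16.0.0", "16.0.22", False), ("dashboard", "17.0.0", "17.0.5", False))),
    Cve("CVE-2026-44238", 8.8, 0.00, False,
        (("cdr", "16.0.0", "16.0.50", False), ("cdr", "17.0.0", "17.0.11", False))),
    Cve("CVE-2026-28210", None, 0.00, False,
        (("cdr", "16.0.0", "16.0.49", False), ("cdr", "17.0.0", "17.0.7", False))),
    Cve("CVE-2026-44237", 8.1, 0.00, False,
        (("api", "17.0.0", "17.0.8", False),)),
    Cve("CVE-2026-40520", 7.2, 0.01, False,
        (("api", "17.0.0", "17.0.8", True),)),
)


def parse_version(v: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in v.split("."))


def version_cmp(a: str, b: str) -> int:
    """Numeric dotted-version compare; shorter tuples are zero-padded so
    17.0.3 and 17.0.3.0 are equal and 17.0.2.36 < 17.0.3."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    ta, tb = ta + (0,) * (n - len(ta)), tb + (0,) * (n - len(tb))
    return (ta > tb) - (ta < tb)


def affects(cve: Cve, module: str, installed: str) -> bool:
    for mod, lo, hi, hi_incl in cve.ranges:
        if mod != module or version_cmp(installed, lo) < 0:
            continue
        c = version_cmp(installed, hi)
        if c < 0 or (hi_incl and c == 0):
            return True
    return False


def priority(cve: Cve):
    # KEV entries first, then exploitation probability, then severity;
    # the id breaks ties so the order is deterministic.
    return (not cve.kev, -cve.epss, -(cve.cvss or 0.0), cve.id)


def triage(installed: Dict[str, str], listing=LISTING) -> List[str]:
    hits = [c for c in listing
            if any(affects(c, m, v) for m, v in installed.items())]
    return [c.id for c in sorted(hits, key=priority)]


# Constructed sample inventory (module -> installed version).
INSTALLED = {"endpoint": "17.0.2.40", "cdr": "17.0.9",
             "api": "17.0.8", "dashboard": "17.0.5"}

if __name__ == "__main__":
    for cid in triage(INSTALLED):
        print(cid)
```

With the sample inventory the KEV entry CVE-2025-64328 comes out first even though the page ranks it at 0.21, and CVE-2026-44237 drops out because api 17.0.8 is the fixed version while CVE-2026-40520 stays in because its range is "17.0.8 and prior". Note also that an endpoint module at 17.0.6 clears the four Oct 2025 advisories but is still inside the "17.0.1 through 17.0.9" range of CVE-2025-67513; a fix version for one CVE is not a fix version for the module.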