|Number of vulnerabilities||1|
|Public exploit||This vulnerability is being exploited in the wild.|
Web applications / Modules and components for CMS
This security bulletin contains one critical risk vulnerability.
CWE-20 - Improper input validation
Exploit availability: NoDescription
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in the Phone Apps (restapps) module for FreePBX. A remote attacker can send specially crafted input to the application and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Install updates from vendor's website.Vulnerable software versions
Phone Apps: 184.108.40.206 - 220.127.116.11
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?