Main Vulnerability Database Exploits ID:3934 - Exploit for Permissions, Privileges, and Access Controls in FreePBX - CVE-2014-1903

ID:3934 - Exploit for Permissions, Privileges, and Access Controls in FreePBX - CVE-2014-1903

Published: August 11, 2020

Vulnerability identifier: #VU42023

Vulnerability risk: Medium

CVE-ID: CVE-2014-1903

CWE-ID: CWE-264

Exploitation vector: Remote access

Vulnerable software:
FreePBX

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/unix/webapp/freepbx_config_exec

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.

Remediation

Install update from vendor's website.

ID:3934 - Exploit for Permissions, Privileges, and Access Controls in FreePBX - CVE-2014-1903

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human