Vulnerabilities (CVE)

Filtered by vendor Sangoma Subscribe
Total 50 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19852 1 Sangoma 1 Freepbx 2024-11-21 3.5 LOW 4.8 MEDIUM
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4.
CVE-2019-19851 1 Sangoma 1 Freepbx 2024-11-21 3.5 LOW 4.8 MEDIUM
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20.
CVE-2019-19615 1 Sangoma 1 Freepbx 2024-11-21 3.5 LOW 4.8 MEDIUM
Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user's account.
CVE-2019-19552 1 Sangoma 1 Freepbx 2024-11-21 3.5 LOW 4.8 MEDIUM
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account.
CVE-2019-19551 1 Sangoma 1 Freepbx 2024-11-21 3.5 LOW 4.8 MEDIUM
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account.
CVE-2019-19538 1 Sangoma 1 Freepbx 2024-11-21 6.5 MEDIUM 7.2 HIGH
In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.
CVE-2019-19006 1 Sangoma 1 Freepbx 2024-11-21 7.5 HIGH 9.8 CRITICAL
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
CVE-2019-16967 2 Freepbx, Sangoma 2 Manager, Freepbx 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.
CVE-2019-16966 2 Freepbx, Sangoma 2 Contactmanager, Freepbx 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager.
CVE-2019-12148 1 Sangoma 2 Session Border Controller, Session Border Controller Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can login into the device's admin web portal without providing any credentials. This affects /var/webconfig/gui/Webconfig.inc.php.
CVE-2019-12147 1 Sangoma 2 Session Border Controller, Session Border Controller Firmware 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to the system (either via the web interface or via SSH) to achieve complete compromise of the device. This affects /var/webconfig/gui/Webconfig.inc.php and /usr/local/sng/bin/sng-user-mgmt.
CVE-2018-6393 1 Sangoma 1 Freepbx 2024-11-21 6.5 MEDIUM 7.2 HIGH
FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors.
CVE-2018-15891 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2024-11-21 3.5 LOW 4.8 MEDIUM
An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.
CVE-2018-12228 1 Sangoma 1 Asterisk 2024-11-21 6.8 MEDIUM 6.5 MEDIUM
An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.
CVE-2017-9358 2 Asterisk, Sangoma 2 Certified Asterisk, Asterisk 2024-11-21 5.0 MEDIUM 7.5 HIGH
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
CVE-2017-17430 1 Sangoma 2 Netborder\/vega Session, Netborder\/vega Session Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.
CVE-2014-7235 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2024-11-21 10.0 HIGH N/A
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
CVE-2014-1903 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2024-11-21 7.5 HIGH N/A
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
CVE-2012-4870 1 Sangoma 1 Freepbx 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.
CVE-2012-4869 1 Sangoma 1 Freepbx 2024-11-21 7.5 HIGH N/A
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.