Описание
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:freepbx:freepbx:2.10:*:*:*:*:*:*:*
cpe:2.3:a:freepbx:freepbx:2.11:*:*:*:*:*:*:*
cpe:2.3:a:freepbx:freepbx:2.12:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:freepbx:2.9:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.84499
Высокий
7.5 High
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
EPSS
Процентиль: 99%
0.84499
Высокий
7.5 High
CVSS2
Дефекты
CWE-264