Description
FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to establish remote shell access.
References
- Exploit, Third Party Advisory, VDB Entry
- Product
- Third Party Advisory
- Exploit
Vulnerable configurations
Configuration 1
cpe:2.3:a:sangoma:freepbx:16.0:*:*:*:*:*:*:*
EPSS
Percentile: 72%
0.0071
Low
CVSS3
8.8 High
Weaknesses
CWE-78
Related vulnerabilities
CVSS3: 8.8
github
about 2 months ago
FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to establish remote shell access.