Vulnerabilidades em FreePBX
31 resultadosCVE-2025-57819CRITICALFreePBX Affected by Authentication Bypass Leading to SQL Injection and RCEEPSS 93.3%KEVCVE-2025-64328HIGHFreePBX Administration GUI is Vulnerable to Authenticated Command InjectionEPSS 84.4%KEVCVE-2025-61678HIGHFreePBX Endpoint Manager vulnerable to authenticated arbitrary file upload via fwbrand parameterEPSS 50.2%CVE-2025-61675HIGHFreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parametersEPSS 39.0%CVE-2026-28287HIGHFreePBX: Authenticated Remote Code Execution via Recordings Module AJAX EndpointsEPSS 8.5%CVE-2025-67736HIGHAuthenticated SQL Injection in FreePBX tts (Text To Speech) moduleEPSS 6.1%CVE-2024-58294HIGHFreePBX 16 Authenticated Remote Code Execution via API ModuleEPSS 3.1%CVE-2025-66039CRITICALFreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth HeaderEPSS 3.0%CVE-2026-40520HIGHFreePBX api module Command Injection via GraphQLEPSS 1.4%CVE-2026-26978HIGHFree PBX backup: Deserialization of Untrusted Data in admin/modules/backup/Models/BackupSplFileInfo.phpEPSS 0.9%CVE-2026-28209HIGHFreePBX: Command Injection leading to Remote Code Execution in FreePBX ElevenLabs Text-to-Speech integrationEPSS 0.9%CVE-2020-36630MEDIUMFreePBX cdr Cdr.class.php ajaxHandler sql injectionEPSS 0.7%CVE-2025-59051HIGHFreePBX Endpoint Manager command injection via Network Scanning featureEPSS 0.6%CVE-2021-4282LOWFreePBX voicemail page.voicemail.php cross site scriptingEPSS 0.5%CVE-2019-25090LOWFreePBX arimanager Views cross site scriptingEPSS 0.5%CVE-2025-55739MEDIUMapi: Shared OAuth Signing Key Between Different InstancesEPSS 0.5%CVE-2024-47071MEDIUMOSS Endpoint Manager allows unauthorized access to read system filesEPSS 0.5%CVE-2025-59056MEDIUMFreePBX vulnerable to unauthenticated Denial of ServiceEPSS 0.4%CVE-2026-46376CRITICALFreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP InterfaceEPSS 0.4%CVE-2025-55211MEDIUMFreePBX Post-Authenticated Command InjectionEPSS 0.4%