CNNVD-202512-2060 Information
CNNVD ID
CNNVD-202512-2060
Related CVE
- CNNVD Published: 2025-12-11
Description
FreePBX (formerly Asterisk Management Portal) is a set of tools from the FreePBX project for configuring Asterisk (an IP telephony system) through a web-based GUI. FreePBX 16 contains an operating system command injection vulnerability that stems from remote code execution in the API module and may lead to the establishment of remote shell access.
Hazard Level
High
Vulnerability Type
OS command injection
Affected Vendor
FreePBX
Published
2025-12-11
Last Modified
2026-02-24
References
https://www.exploit-db.com/exploits/52031
https://www.freepbx.org/
https://www.vulncheck.com/advisories/freepbx-authenticated-remote-code-execution-via-api-module
https://www.youtube.com/watch?v=rqFJ0BxwlLI
Patch
https://www.freepbx.org/downloads/