Lucene search

K

MitreCVELIST:CVE-2014-1903

HistoryFeb 18, 2014 - 11:00 a.m.

CVE-2014-1903

2014-02-1811:00:00

mitre

www.cve.org

1

7.4 High

AI Score

Confidence

Low

0.965 High

EPSS

Percentile

99.6%

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.

References

archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html

archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html

code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03

code.freepbx.org/changelog/FreePBX_SVN?cs=16429

issues.freepbx.org/browse/FREEPBX-7117

issues.freepbx.org/browse/FREEPBX-7123

osvdb.org/103240

packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html

packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html

www.freepbx.org/news/2014-02-06/security-vulnerability-notice

www.securityfocus.com/archive/1/531040/100/0/threaded

github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl

7.4 High

AI Score

Confidence

Low

0.965 High

EPSS

Percentile

99.6%

Related for CVELIST:CVE-2014-1903

seebug2 openvas1 saint4 prion1 nvd1 cve1 exploitpack1 checkpoint_advisories1 packetstorm1 zdt1 exploitdb1