ByteOS Network

security-reporting

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-57819

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-10||CRITICAL

EPSS-Not Assigned

Published-28 Aug, 2025 | 16:45

Updated-28 Aug, 2025 | 17:15

FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

Vendor-FreePBX

Product-security-reporting

CWE ID-CWE-288

Authentication Bypass Using an Alternate Path or Channel

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-47071

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-6.8||MEDIUM

EPSS-0.12% / 31.29%

7 Day CHG~0.00%

Published-01 Oct, 2024 | 15:40

Updated-04 Oct, 2024 | 13:51

OSS Endpoint Manager allows unauthorized access to read system files

OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4.

Vendor-FreePBX

Product-security-reporting endpoint_manager

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')