Dismissed by @LeSuisse
Activity log
- Created automatic suggestion
- @LeSuisse removed 11 packages
  - rubyPackages.indieweb-endpoints
  - rubyPackages_3_1.indieweb-endpoints
  - rubyPackages_3_2.indieweb-endpoints
  - rubyPackages_3_3.indieweb-endpoints
  - rubyPackages_3_4.indieweb-endpoints
  - rubyPackages_4_0.indieweb-endpoints
  - python313Packages.alibabacloud-endpoint-util
  - python314Packages.alibabacloud-endpoint-util
  - python312Packages.azure-synapse-managedprivateendpoints
  - python313Packages.azure-synapse-managedprivateendpoints
  - python314Packages.azure-synapse-managedprivateendpoints
- @LeSuisse dismissed
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
References
- https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203 x_refsource_MISC
- https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h x_refsource_CONFIRM
- https://github.com/watchtowrlabs/watchTowr-vs-FreePBX-CVE-2025-57819 exploit
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025… government-resource
Affected products
endpoint
- ==< 17.0.3
- ==< 16.0.89
- ==< 15.0.66
security-reporting
- ==< 17.0.3
- ==< 16.0.89
- ==< 15.0.66