CVE-2014-1903

NONECVSS 0.0

0.0

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.

🔗 References (24)

cve@mitrehttp://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html
cve@mitrehttp://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html
cve@mitrehttp://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03
cve@mitrehttp://code.freepbx.org/changelog/FreePBX_SVN?cs=16429
cve@mitrehttp://issues.freepbx.org/browse/FREEPBX-7117
cve@mitrehttp://issues.freepbx.org/browse/FREEPBX-7123
cve@mitrehttp://osvdb.org/103240
cve@mitrehttp://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html
cve@mitrehttp://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html
cve@mitrehttp://www.freepbx.org/news/2014-02-06/security-vulnerability-notice
cve@mitrehttp://www.securityfocus.com/archive/1/531040/100/0/threaded
cve@mitrehttps://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html
af854a3a-2127-422b-91ae-364da2661108http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03

Is Your Infrastructure Affected by CVE-2014-1903?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2014-1903

📅 Published

🔄 Last Modified

🔗 References (24)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2014-1903?