ГлавнаяУязвимости → CVE-2024-58294
8.8высокая

CVE-2024-58294

Описание

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to establish remote shell access.

Затрагиваемое ПО
Sangoma Freepbx
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.exploit-db.com/exploits/52031https://www.freepbx.org/https://www.vulncheck.com/advisories/freepbx-authenticated-remote-code-execution-via-api-modulehttps://www.youtube.com/watch?v=rqFJ0BxwlLI