CVE-2014-1903

Published: Feb 18, 2014Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.

Affected (4)

Products: Freepbx: Freepbx · Sangoma: Freepbx

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Freepbx Freepbx	Version 2.10
Freepbx Freepbx	Version 2.11
Freepbx Freepbx	Version 2.12
Sangoma Freepbx	Version 2.9

Related CWEs

References (24)

http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html

Source: cve@mitre.org

http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html

Source: cve@mitre.org

http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03

Source: cve@mitre.org

http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429

Source: cve@mitre.org

http://issues.freepbx.org/browse/FREEPBX-7117

Source: cve@mitre.org

Vendor Advisory

http://issues.freepbx.org/browse/FREEPBX-7123

Source: cve@mitre.org

Vendor Advisory

http://osvdb.org/103240

Source: cve@mitre.org

http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html

Source: cve@mitre.org

http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html

Source: cve@mitre.org

http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/531040/100/0/threaded

Source: cve@mitre.org

https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl

Source: cve@mitre.org

http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03

Source: af854a3a-2127-422b-91ae-364da2661108

http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429

Source: af854a3a-2127-422b-91ae-364da2661108

http://issues.freepbx.org/browse/FREEPBX-7117

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://issues.freepbx.org/browse/FREEPBX-7123

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://osvdb.org/103240

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/531040/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.