CVE-2024-53564

Published: Dec 2, 2024Modified: Sep 23, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege administrators are intentionally allowed to do.

Affected (1)

Products: Sangoma: Freepbx

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sangoma Freepbx	Version 17.0.19.17

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://gist.github.com/hyp164D1/490732de230edf97423f6d95b0d2f903

Source: cve@mitre.org

Third Party Advisory

https://gist.github.com/hyp164D1/d419bdf3e7e352088a21631d0f452a8c

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.