Vitalpbx

vitalpbx

4 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-24386 1Vitalpbx 1Vitalpbx Sep 18, 2025 Feb 15, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder.
CVE-2023-0486 1Vitalpbx 1Vitalpbx Feb 13, 2025 Apr 4, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS.
CVE-2023-0480 1Vitalpbx 1Vitalpbx Feb 13, 2025 Apr 4, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF.
CVE-2022-29330 1Vitalpbx 1Vitalpbx Jun 17, 2026 Jun 24, 2022 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.