FreePBX System Recordings Menu Arbitrary File Upload Vulnerability Network Vulnerability

Summary

FreePBX is prone to an arbitrary file-upload vulnerability because it fails to properly sanitize user-supplied input. An attacker can leverage this issue to upload arbitrary files to the affected computer this can result in arbitrary code execution within the context of the webserver. FreePBX 2.8.0 is vulnerable other versions may also be affected.

Solution

Updates are available please see the references for more information.

References

http://freepbx.org
http://www.freepbx.org/trac/ticket/4553
http://www.securityfocus.com/archive/1/513947
https://www.securityfocus.com/bid/43454
https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3490

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

AdaptCMS 'init.php' Remote File Include Vulnerability
12Planet Chat Server one2planet.infolet.InfoServlet XSS
Apache Tomcat Multiple Vulnerabilities June-09
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
@Mail 'MailType' Parameter Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities