Summary
FreePBX is prone to an arbitrary file-upload vulnerability because it fails to properly sanitize user-supplied input.
An attacker can leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the webserver.
FreePBX 2.8.0 is vulnerable; other versions may also be affected.
Solution
Updates are available; please see the references for more information.
References
Severity
Classification
- CVE: CVE-2010-3490
- CVSS Base Score: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P