Skip to main content

Freepbx

20 CVEs product

Monthly

CVE-2026-28287 HIGH This Week

Unauthenticated command injection in FreePBX recordings module (versions 16.0.17.2-16.0.19 and 17.0.2.4-17.0.4) allows authenticated attackers to execute arbitrary system commands with full system privileges. The vulnerability stems from improper input validation in the recordings functionality, enabling complete compromise of affected FreePBX installations. No patch is currently available.

Command Injection Freepbx
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-28284 HIGH This Week

SQL injection in the FreePBX logfiles module allows authenticated attackers to manipulate database queries and potentially extract sensitive data or modify system records. Versions prior to 16.0.10 and 17.0.5 are vulnerable, and attackers with valid FreePBX credentials can exploit this weakness to achieve high-impact unauthorized access to confidential information and system integrity. No patch is currently available for affected deployments.

SQLi Freepbx
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-28210 HIGH This Week

Unauthenticated SQL injection in the FreePBX CDR module (versions before 16.0.49 and 17.0.7) allows authenticated users to execute arbitrary SQL commands and potentially compromise the entire database. An attacker with valid credentials can exploit this vulnerability to read sensitive call records, modify system data, or escalate privileges within the FreePBX system. No patch is currently available, leaving affected installations at high risk until upgrades are deployed.

SQLi Freepbx
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-28209 HIGH This Week

Unauthenticated command injection in FreePBX versions 16.0.17.2-16.0.19 and 17.0.2.4-17.0.4 via the ElevenLabs Text-to-Speech integration allows authenticated users with high privileges to execute arbitrary system commands. The vulnerability exists in the recordings module and affects all installations using the vulnerable TTS engine. No patch is currently available, leaving affected systems at risk of full system compromise.

Command Injection AI / ML Freepbx
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-55210 HIGH PATCH This Week

Freepbx versions up to 17.0.5 contains a vulnerability that allows attackers to forge a valid JWT with full access to the REST and GraphQL APIs on a FreePBX tha (CVSS 7.5).

MySQL Privilege Escalation Freepbx
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-59056 MEDIUM This Month

FreePBX is an open-source web-based graphical user interface. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Freepbx
NVD GitHub
CVSS 4.0
6.6
EPSS
0.1%
CVE-2025-55211 MEDIUM This Month

FreePBX is an open-source web-based graphical user interface. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Freepbx
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-57819 CRITICAL POC KEV THREAT Emergency

FreePBX 15, 16, and 17 contain SQL injection vulnerabilities enabling unauthenticated access to the administrator interface, leading to database manipulation and remote code execution.

RCE SQLi Freepbx
NVD GitHub
CVSS 4.0
10.0
EPSS
68.5%
Threat
7.1
CVE-2024-53564 HIGH This Week

A vulnerability was discovered in FreePBX 17.0.19.17. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Freepbx
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2023-43336 HIGH POC This Week

Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freepbx
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-19552 MEDIUM This Month

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Freepbx
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-19551 MEDIUM This Month

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Freepbx
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-19006 CRITICAL POC KEV THREAT Act Now

Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freepbx
NVD
CVSS 3.1
9.8
EPSS
36.6%
CVE-2019-16967 MEDIUM POC PATCH This Month

An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Manager Freepbx
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2019-16966 MEDIUM PATCH This Month

An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Contactmanager Freepbx
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2018-6393 HIGH POC This Week

FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Freepbx
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2014-7235 CRITICAL POC THREAT Emergency

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.0%.

Deserialization RCE PHP Code Injection Freepbx
NVD GitHub Exploit-DB
CVSS 2.0
10.0
EPSS
52.0%
Threat
5.1
CVE-2014-1903 HIGH POC THREAT Act Now

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.5%.

PHP Privilege Escalation Freepbx
NVD GitHub Exploit-DB
CVSS 2.0
7.5
EPSS
84.5%
Threat
5.5
CVE-2012-4870 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.3%.

PHP XSS Freepbx
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
11.3%
CVE-2012-4869 HIGH POC THREAT Act Now

The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 85.7%.

PHP Code Injection RCE Freepbx
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
85.7%
Threat
5.6
EPSS 0% CVSS 8.8
HIGH This Week

Unauthenticated command injection in FreePBX recordings module (versions 16.0.17.2-16.0.19 and 17.0.2.4-17.0.4) allows authenticated attackers to execute arbitrary system commands with full system privileges. The vulnerability stems from improper input validation in the recordings functionality, enabling complete compromise of affected FreePBX installations. No patch is currently available.

Command Injection Freepbx
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

SQL injection in the FreePBX logfiles module allows authenticated attackers to manipulate database queries and potentially extract sensitive data or modify system records. Versions prior to 16.0.10 and 17.0.5 are vulnerable, and attackers with valid FreePBX credentials can exploit this weakness to achieve high-impact unauthorized access to confidential information and system integrity. No patch is currently available for affected deployments.

SQLi Freepbx
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Unauthenticated SQL injection in the FreePBX CDR module (versions before 16.0.49 and 17.0.7) allows authenticated users to execute arbitrary SQL commands and potentially compromise the entire database. An attacker with valid credentials can exploit this vulnerability to read sensitive call records, modify system data, or escalate privileges within the FreePBX system. No patch is currently available, leaving affected installations at high risk until upgrades are deployed.

SQLi Freepbx
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

Unauthenticated command injection in FreePBX versions 16.0.17.2-16.0.19 and 17.0.2.4-17.0.4 via the ElevenLabs Text-to-Speech integration allows authenticated users with high privileges to execute arbitrary system commands. The vulnerability exists in the recordings module and affects all installations using the vulnerable TTS engine. No patch is currently available, leaving affected systems at risk of full system compromise.

Command Injection AI / ML Freepbx
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Freepbx versions up to 17.0.5 contains a vulnerability that allows attackers to forge a valid JWT with full access to the REST and GraphQL APIs on a FreePBX tha (CVSS 7.5).

MySQL Privilege Escalation Freepbx
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM This Month

FreePBX is an open-source web-based graphical user interface. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Freepbx
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

FreePBX is an open-source web-based graphical user interface. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Freepbx
NVD GitHub
EPSS 68% 7.1 CVSS 10.0
CRITICAL POC KEV THREAT Emergency

FreePBX 15, 16, and 17 contain SQL injection vulnerabilities enabling unauthenticated access to the administrator interface, leading to database manipulation and remote code execution.

RCE SQLi Freepbx
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

A vulnerability was discovered in FreePBX 17.0.19.17. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Freepbx
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freepbx
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Freepbx
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Freepbx
NVD
EPSS 37% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freepbx
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Manager +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Contactmanager +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Freepbx
NVD GitHub
EPSS 52% 5.1 CVSS 10.0
CRITICAL POC THREAT Emergency

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.0%.

Deserialization RCE PHP +2
NVD GitHub Exploit-DB
EPSS 84% 5.5 CVSS 7.5
HIGH POC THREAT Act Now

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.5%.

PHP Privilege Escalation Freepbx
NVD GitHub Exploit-DB
EPSS 11% CVSS 4.3
MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.3%.

PHP XSS Freepbx
NVD Exploit-DB
EPSS 86% 5.6 CVSS 7.5
HIGH POC THREAT Act Now

The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 85.7%.

PHP Code Injection RCE +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy