Frogman
Monthly
Missing authorization in Frogman, a headless Asterisk PBX control layer exposed over MCP and an HTTP API, lets any low-privilege PERM_READ caller invoke eight administrative tools (fm_list_managers, fm_list_pinsets, fm_show_context, fm_get_mcp_config, fm_backup_status, fm_whos_calling, fm_run_saved_query, fm_diagnose_trunk) that should require admin, leaking AMI manager secrets, outbound dial PINs, full dialplan context, root SSH connection commands, backup artifact paths, CDR history, and raw AMI endpoint dumps containing SIP password/md5_cred/oauth_secret fields, plus executing arbitrary saved GraphQL queries. All releases prior to 1.6.3 are affected, tracked under GHSA-q4c4-5cr4-8q47 with a CVSS 4.0 score of 9.3. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Code injection in Frogman before 1.6.2 lets an authenticated PERM_WRITE caller of the MCP/HTTP dialplan API inject arbitrary Asterisk directives - including System() and Set(SHELL(...)) - into extensions_custom.conf, yielding remote command execution on the PBX host. The flaw stems from fm_dialplan_apply sanitizing only the context name while passing template parameters such as greeting, dest, url, extension, code, and file into generated dialplan text unchecked. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but the CVSS is 9.9 and the fix (v1.6.2) plus root-cause commit are public.
Sensitive credential exposure in Frogman (an mwtcmi FreePBX module providing headless PBX control via MCP and an HTTP API) before 1.6.2 stores API tokens in cleartext, so any read of the oc_api_tokens database table yields fully reusable, active tokens at their assigned permission level - up to admin. Because Frogman.class.php authenticated the X-Frogman-Token header by directly comparing the presented value against the stored raw string, a leaked or read database directly hands an attacker working credentials. Rated CVSS 7.4 (high); no public exploit identified at time of analysis, and the issue is fixed in version 1.6.2.
Plaintext credential exposure in Frogman's audit logging pipeline allows any authenticated low-privilege user holding PERM_READ access to recover passwords and extension secrets set by administrative operations. Frogman versions prior to 1.6.2 encode full tool response payloads - including the plaintext password returned by fm_reset_password and the plaintext secret returned by fm_add_extension - directly into the oc_audit_log.detail column via auditOutcome in Frogman.class.php. Because fm_audit_search was gated only at PERM_READ rather than PERM_ADMIN, any read-tier caller could query historical audit entries and extract those credentials. No public exploit code or active exploitation has been identified at time of analysis; the CVSS score of 6.5 reflects the authenticated-but-low-privilege access requirement and high confidentiality impact.
Missing authorization in Frogman, a headless Asterisk PBX control layer exposed over MCP and an HTTP API, lets any low-privilege PERM_READ caller invoke eight administrative tools (fm_list_managers, fm_list_pinsets, fm_show_context, fm_get_mcp_config, fm_backup_status, fm_whos_calling, fm_run_saved_query, fm_diagnose_trunk) that should require admin, leaking AMI manager secrets, outbound dial PINs, full dialplan context, root SSH connection commands, backup artifact paths, CDR history, and raw AMI endpoint dumps containing SIP password/md5_cred/oauth_secret fields, plus executing arbitrary saved GraphQL queries. All releases prior to 1.6.3 are affected, tracked under GHSA-q4c4-5cr4-8q47 with a CVSS 4.0 score of 9.3. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Code injection in Frogman before 1.6.2 lets an authenticated PERM_WRITE caller of the MCP/HTTP dialplan API inject arbitrary Asterisk directives - including System() and Set(SHELL(...)) - into extensions_custom.conf, yielding remote command execution on the PBX host. The flaw stems from fm_dialplan_apply sanitizing only the context name while passing template parameters such as greeting, dest, url, extension, code, and file into generated dialplan text unchecked. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but the CVSS is 9.9 and the fix (v1.6.2) plus root-cause commit are public.
Sensitive credential exposure in Frogman (an mwtcmi FreePBX module providing headless PBX control via MCP and an HTTP API) before 1.6.2 stores API tokens in cleartext, so any read of the oc_api_tokens database table yields fully reusable, active tokens at their assigned permission level - up to admin. Because Frogman.class.php authenticated the X-Frogman-Token header by directly comparing the presented value against the stored raw string, a leaked or read database directly hands an attacker working credentials. Rated CVSS 7.4 (high); no public exploit identified at time of analysis, and the issue is fixed in version 1.6.2.
Plaintext credential exposure in Frogman's audit logging pipeline allows any authenticated low-privilege user holding PERM_READ access to recover passwords and extension secrets set by administrative operations. Frogman versions prior to 1.6.2 encode full tool response payloads - including the plaintext password returned by fm_reset_password and the plaintext secret returned by fm_add_extension - directly into the oc_audit_log.detail column via auditOutcome in Frogman.class.php. Because fm_audit_search was gated only at PERM_READ rather than PERM_ADMIN, any read-tier caller could query historical audit entries and extract those credentials. No public exploit code or active exploitation has been identified at time of analysis; the CVSS score of 6.5 reflects the authenticated-but-low-privilege access requirement and high confidentiality impact.