Skip to main content

Vitalpbx

4 CVEs product

Monthly

CVE-2024-24386 HIGH POC This Week

An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Vitalpbx
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-0486 MEDIUM POC This Month

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vitalpbx
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0480 HIGH POC This Week

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Vitalpbx
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-29330 MEDIUM POC This Month

Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vitalpbx
NVD VulDB
CVSS 3.1
4.9
EPSS
0.9%
EPSS 1% CVSS 7.2
HIGH POC This Week

An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Vitalpbx
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vitalpbx
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Vitalpbx
NVD
EPSS 1% CVSS 4.9
MEDIUM POC This Month

Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vitalpbx
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy