CRITICAL🇵🇱 Wersja polska

CVE-2020-10666

CVSS 9.8v3.1pub. 2021-05-31upd. 2024-11-21

The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sangoma Freepbx

    APP
    Sangoma
    wszystkie wersje
  • Sangoma Restapps

    APP
    Sangoma
    13.0 – 13.0.93.214.0 – 14.0.22.215.0 – 15.0.19.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-57819CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Krytyczna podatność RCE i SQL injection w Sangoma FreePBX (bez uwierzytelnienia)

CVE-2019-19006CRITICAL9.8⚠ KEVten sam produkt

Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Contr...

CVE-2026-46376CRITICAL9.3PL ✓ten sam produkt

FreePBX UCP: dostęp bez uwierzytelnienia przez wbudowane dane logowania

CVE-2025-66039CRITICAL9.3PL ✓ten sam produkt

FreePBX Endpoint Manager — pominięcie uwierzytelnienia (Auth Bypass)

CVE-2021-45461CRITICAL9.8ten sam produkt

FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, a...