The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.
References
Link | Resource |
---|---|
https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE | Vendor Advisory |
https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2021-05-31 05:15
Updated : 2022-07-12 10:42
NVD link : CVE-2020-10666
Mitre link : CVE-2020-10666
JSON object : View
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Products Affected
sangoma
- restapps
- freepbx