CVE-2024-53564

Published Dec 2, 2024

Last updated 2 months ago

CVSS low 2.2

Overview

Description
A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege administrators are intentionally allowed to do.
Source
cve@mitre.org
NVD status
Awaiting Analysis
CNA Tags
disputed

Risk scores

CVSS 3.1

Type
Secondary
Base score
2.2
Impact score
1.4
Exploitability score
0.7
Vector string
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N
Severity
LOW

Weaknesses

cve@mitre.org
CWE-434

Social media

Hype score
Not currently trending

  1. CVE-2024-53564 An authenticated arbitrary file upload vulnerability in the component /module_admin/upload.php of freepbx v17.0.19.17 allows attackers to execute arbitrary code via u… https://t.co/suHPnGQ0Tc

    @CVEnew

    2 Dec 2024

    391 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References