← back
CVE-2014-1903

CVE-2014-1903

50Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 52%
from disclosure to weapon22 days
Published on NVDFeb 18
1st PoC+22d
metasploit+31d
exploitation probability
52%top 1% of all CVEs
observed exploitation
nono source reports it
4 public exploit(s)
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.