CVE-2009-1803
Published 2009-05-28
Priority: P4, 21
Severity: medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 1.22% (64.9th percentile)
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| sangoma | freepbx | — | — |
| sangoma | freepbx | — | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.