Freepbx Endpointman vulnerabilities
2 known vulnerabilities affecting freepbx/endpointman.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-61678P2HIGHCVSS 8.6PoCfixed in 16.0.92v>= 17.0.0, < 17.0.62025-10-14
CVE-2025-61678 [HIGH] CWE-434 CVE-2025-61678: FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In version
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains an authenticated arbitrary file upload vulnerability affecting the fwbrand parameter. The fwbrand parameter allows an attacker to change
nvd
CVE-2024-47071P3MEDIUMCVSS 6.8fixed in 14.0.42024-10-01
CVE-2024-47071 [MEDIUM] CWE-22 CVE-2024-47071: OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activati
OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4.
nvd