Nch Axon Pbx vulnerabilities
4 known vulnerabilities affecting nch/axon_pbx.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2021-37441P3HIGHCVSS 8.8≤ 2.222021-07-25
CVE-2021-37441 [HIGH] CWE-22 CVE-2021-37441: NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. su
NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.
nvd
CVE-2018-11551P3HIGHCVSS 7.8v2.022018-06-01
CVE-2018-11551 [HIGH] CWE-426 CVE-2018-11551: AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote att
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly.
nvd
CVE-2018-11552P3MEDIUMCVSS 6.1v2.022018-06-01
CVE-2018-11552 [MEDIUM] CWE-79 CVE-2018-11552: There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" fi
There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application.
nvd
CVE-2021-37440P3MEDIUMCVSS 6.5≤ 2.222021-07-25
CVE-2021-37440 [MEDIUM] CWE-22 CVE-2021-37440: NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. su
NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.
nvd