#freepbx

[ follow ]
#authentication-bypass #sql-injection #arbitrary-file-upload #cve-2025-57819 #zero-day #remote-code-execution
Information security
fromThe Hacker News
1 day ago

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

Critical FreePBX vulnerabilities enable SQL injection, arbitrary file upload, and authentication bypass allowing database manipulation and remote command execution when certain settings are enabled.
Information security
fromThe Hacker News
3 months ago

FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available

A critical CVE-2025-57819 FreePBX vulnerability enables unauthenticated arbitrary database manipulation and remote code execution; internet-exposed ACPs should be upgraded and restricted.
[ Load more ]