Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-26567

EPSS 0.28% · P51
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-26567

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
FreePBX 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
FreePBX(前称Asterisk Management Portal)是FreePBX项目的一套通过GUI(基于网页的图形化接口)配置Asterisk(IP电话系统)的工具。 FreePBX存在安全漏洞,该漏洞源于从官方 ISO 镜像安装期间,在 Asterisk 全局变量列表中添加 AMPDBUSER、AMPDBPASS、AMPMGRUSER、AMPMGRPASS 变量,这些变量会公开 Asterisk 数据库的明文身份验证凭据(MariaDB/ MySQL) 和 Asterisk Manager接
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2023-26567

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-26567

登录查看更多情报信息。

Same Patch Batch · n/a · 2023-04-26 · 26 CVEs total

CVE-2023-22943.5 LOWUCMS Column Configuration saddpost.php cross site scripting
CVE-2023-30212OURPHP 跨站脚本漏洞
CVE-2023-24796Vinga WR-AC1200 安全漏洞
CVE-2022-39989Fighting Cock Information System 信任管理问题漏洞
CVE-2023-30112Medicine Tracker System SQL注入漏洞
CVE-2023-30265CLTPHP 路径遍历漏洞
CVE-2023-30266CLTPHP 代码问题漏洞
CVE-2023-30267CLTPHP 跨站脚本漏洞
CVE-2023-30269CLTPHP 输入验证错误漏洞
CVE-2022-27978ToolJet 安全漏洞
CVE-2022-27979ToolJet 跨站脚本漏洞
CVE-2023-30210OURPHP 跨站脚本漏洞
CVE-2023-30211OURPHP SQL注入漏洞
CVE-2023-27107MyQ Solution Print Server和MyQ Solution Central Server 安全漏洞
CVE-2022-44232libming 安全漏洞
CVE-2023-26930Glyph & Cog XpdfReader 安全漏洞
CVE-2020-36070Voyager 安全漏洞
CVE-2023-29596Cmix 安全漏洞
CVE-2023-29835Wondershare Dr.Fone 安全漏洞
CVE-2023-29836Exelysis Unified Communication Solutions 跨站脚本漏洞

Showing top 20 of 26 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2023-26567

No comments yet

Leave a comment