CVE-2024-53564

N/A

A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege administrators are intentionally allowed to do.

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

危险类型文件的不加限制上传

FreePBX 安全漏洞

FreePBX（前称Asterisk Management Portal）是FreePBX项目的一套通过GUI（基于网页的图形化接口）配置Asterisk（IP电话系统）的工具。 FreePBX v17.0.19.17版本存在安全漏洞。攻击者利用该漏洞可以通过上传特制的文件来执行任意代码。

N/A

N/A