We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege administrators are intentionally allowed to do.
Reserved 2024-11-20 | Published 2024-12-02 | Updated 2025-01-14 | Assigner mitreCWE-434 Unrestricted Upload of File with Dangerous Type
gist.github.com/hyp164D1/490732de230edf97423f6d95b0d2f903
gist.github.com/hyp164D1/d419bdf3e7e352088a21631d0f452a8c
Support options