We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-53564



Description

A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege administrators are intentionally allowed to do.

Reserved 2024-11-20 | Published 2024-12-02 | Updated 2025-01-14 | Assigner mitre


LOW: 2.2CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status
unknown

17.0.19.17
affected

References

gist.github.com/hyp164D1/490732de230edf97423f6d95b0d2f903

gist.github.com/hyp164D1/d419bdf3e7e352088a21631d0f452a8c

cve.org (CVE-2024-53564)

nvd.nist.gov (CVE-2024-53564)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-53564

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.