Vulnerability Description
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
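Because the vulnerable request shape is fully described above (a call to admin/config.php that names a PHP function in `function` and passes its arguments in `args`), the attempt is visible in ordinary web server access logs. The following is an added detection example for this page, not FreePBX code or any published tooling: it parses constructed Apache combined-format lines and flags requests that match that shape. The log lines, IP addresses and user agents are invented sample input; the parameter names and the admin/config.php path come from the description.

```python
"""Detection example for the request shape described by CVE-2014-1903:
a call to admin/config.php carrying both a `function` and an `args`
parameter. This is example code added to this page, not FreePBX code;
the log lines below are constructed, not captured traffic."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache "combined" log lines (sample input, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [06/Feb/2014:10:01:02 +0000] "GET /admin/config.php?display=dashboard HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [06/Feb/2014:10:01:40 +0000] "GET /admin/config.php?function=system&args[]=id HTTP/1.1" 200 310 "-" "curl/7.35.0"
203.0.113.9 - - [06/Feb/2014:10:02:11 +0000] "POST /freepbx/admin/config.php?function=exec HTTP/1.1" 200 120 "-" "python-requests/2.2.1"
198.51.100.7 - - [06/Feb/2014:10:03:00 +0000] "GET /admin/modules/core/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return a dict with ip, ts, method, path and params for one line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    url = urlsplit(entry["target"])
    entry["path"] = url.path
    # PHP-style array names such as args[] or args[0] are folded to their base name.
    params = {}
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        params.setdefault(name.split("[", 1)[0], []).extend(values)
    entry["params"] = params
    return entry


def classify(entry):
    """'exploit_shape' when function= and args= both reach admin/config.php;
    'suspicious' when only function= is visible (args may travel in a POST
    body, which an access log does not record); None otherwise."""
    if not entry["path"].endswith("/admin/config.php"):
        return None
    has_function = "function" in entry["params"]
    has_args = "args" in entry["params"]
    if has_function and has_args:
        return "exploit_shape"
    if has_function:
        return "suspicious"
    return None


def scan(log_text):
    """Return (ip, timestamp, verdict, function_name) for each flagged line."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        verdict = classify(entry)
        if verdict:
            fn = entry["params"]["function"][0]
            hits.append((entry["ip"], entry["ts"], verdict, fn))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The path check uses a suffix match so installs served under a sub-path (as in the third sample line) are still caught. The `suspicious` verdict exists because access logs only show the query string: a POST that puts `args` in the body looks identical to a benign `function=` call at this layer, so confirming it needs a proxy or WAF log that records request bodies.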
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freepbx | Freepbx | 2.10 |
| Sangoma | Freepbx | 2.9 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html
- http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html
- http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b84
- http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429
- http://issues.freepbx.org/browse/FREEPBX-7117 (Vendor Advisory)
- http://issues.freepbx.org/browse/FREEPBX-7123 (Vendor Advisory)
- http://osvdb.org/103240
- http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html
- http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.ht
- http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice
- http://www.securityfocus.com/archive/1/531040/100/0/threaded
- https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl
FAQ
What is CVE-2014-1903?
CVE-2014-1903 is a vulnerability with a CVSS score of 7.5 (HIGH). admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the AP...
How severe is CVE-2014-1903?
CVE-2014-1903 has been rated HIGH with a CVSS base score of 7.5/10. The impact is remote execution of arbitrary PHP code on the FreePBX host via the function and args parameters to admin/config.php.
Is there a patch for CVE-2014-1903?
Yes. The affected ranges above give the fixed releases: 2.9.0.14, 2.10.1.15, 2.11.0.23 and 12.0.1alpha22. See the FreePBX security vulnerability notice and the FREEPBX-7117 and FREEPBX-7123 issues in the references section for the vendor advisory and changelog. Affected products include: Freepbx Freepbx, Sangoma Freepbx.