CyberSec.Space Logo
Back to CVE Browser

CVE-2020-10666

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1640%
EPSS Percentile6.05th
PublishedMay 31, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.

Affected Platforms (CPE)

πŸ“¦
Sangoma

Restapps

>= 13.0 and <= 13.0.93.2
πŸ“¦
Sangoma

Restapps

>= 14.0 and <= 14.0.22.2
πŸ“¦
Sangoma

Restapps

>= 15.0 and <= 15.0.19.2

References & Advisories

πŸ”— https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE
πŸ”— https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities
πŸ”— https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE
πŸ”— https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities

Related Vulnerabilities

CVE-2021-454619.8

FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attacke...

CVE-2024-74885.3

Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering S...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...