CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-10666

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1640%
EPSS Percentile6.05th
Published2021年5月31日
Last Modified2024年11月21日

Vulnerability Description

The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.

Affected Platforms (CPE)

📦
Sangoma

Restapps

>= 13.0 and <= 13.0.93.2
📦
Sangoma

Restapps

>= 14.0 and <= 14.0.22.2
📦
Sangoma

Restapps

>= 15.0 and <= 15.0.19.2

References & Advisories

🔗 https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE
🔗 https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities
🔗 https://wiki.freepbx.org/display/FOP/2020-03-12+SECURITY%3A+Potential+Rest+Phone+Apps+RCE
🔗 https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities

関連する脆弱性情報

CVE-2021-454619.8

FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attacke...

CVE-2024-74885.3

Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering S...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...