GCVE - cpe:2.3:a:freepbx:freepbx:2.5:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:freepbx:freepbx:2.5:*:*:*:*:*:*:*

part: a version: 2.5 update: *

Vendor	Freepbx (`d2522fe8-489d-5eaf-bf22-7a0d08f83c2b`)
Product	Freepbx (`72471b29-0692-5641-9677-5fafa2d8729d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/freepbx/framework`	purl2cpe	2026-06-01 10:13:12.075665

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2009-1803`	vulnerable	2026-06-03 14:29:37.452564	Details available FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. Published: 2009-05-28T14:00:00.000Z Updated: 2024-09-16T22:51:26.975Z Open on db.gcve.eu Reference links http://www.osvdb.org/54263 http://freepbx.org/trac/ticket/3660 http://secunia.com/advisories/34772 http://www.securityfocus.com/bid/34857	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1802`	vulnerable	2026-06-03 14:29:37.451912	Details available Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact. Published: 2009-05-28T14:00:00.000Z Updated: 2024-09-17T00:26:13.030Z Open on db.gcve.eu Reference links http://osvdb.org/54262 http://freepbx.org/trac/ticket/3660 http://secunia.com/advisories/34772 http://www.securityfocus.com/bid/34857	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.