GCVE - cpe:2.3:a:sangoma:freepbx:2.4.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:sangoma:freepbx:2.4.0:*:*:*:*:*:*:*

part: a version: 2.4.0 update: *

Vendor	Sangoma (`d67f1eae-5751-5e76-a443-3846a37ebaf1`)
Product	Freepbx (`e9bb594c-71db-5304-9653-3ac665826160`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2009-1803`	vulnerable	2026-06-03 14:29:37.452661	Details available FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. Published: 2009-05-28T14:00:00.000Z Updated: 2024-09-16T22:51:26.975Z Open on db.gcve.eu Reference links http://www.osvdb.org/54263 http://freepbx.org/trac/ticket/3660 http://secunia.com/advisories/34772 http://www.securityfocus.com/bid/34857	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1802`	vulnerable	2026-06-03 14:29:37.452060	Details available Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact. Published: 2009-05-28T14:00:00.000Z Updated: 2024-09-17T00:26:13.030Z Open on db.gcve.eu Reference links http://osvdb.org/54262 http://freepbx.org/trac/ticket/3660 http://secunia.com/advisories/34772 http://www.securityfocus.com/bid/34857	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1801`	vulnerable	2026-06-03 14:29:37.449564	Details available Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information. Published: 2009-05-28T14:00:00.000Z Updated: 2024-08-07T05:27:54.569Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/50361 http://osvdb.org/54260 http://osvdb.org/54261 http://freepbx.org/trac/ticket/3660 http://secunia.com/advisories/34772	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.