Endpointman
Approved changes feed: RSS · Atom
cpe:2.3:a:freepbx:endpointman:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Freepbx (d2522fe8-489d-5eaf-bf22-7a0d08f83c2b) |
|---|---|
| Product | Endpointman (5a9ed864-8817-52ba-8248-030e154e3682) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-61678 |
vulnerable | 2026-06-03 15:07:57.003399 |
FreePBX Endpoint Manager vulnerable to authenticated arbitrary file upload via fwbrand parameter
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains an authenticated arbitrary file upload vulnerability affecting the fwbrand parameter. The fwbrand parameter allows an attacker to change the file path. Combined, these issues can result in a webshell being uploaded. Authentication with a known username is required to exploit this vulnerability. Successful exploitation allows authenticated users to upload arbitrary files to attacker-controlled paths on the server, potentially leading to remote code execution. This issue has been patched in version 16.0.92 for FreePBX 16 and version 17.0.6 for FreePBX 17.
Published: 2025-10-14T19:33:29.934Z
Updated: 2026-02-26T16:57:57.778Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47071 |
vulnerable | 2026-06-03 14:57:00.577961 |
OSS Endpoint Manager allows unauthorized access to read system files
MEDIUM (6.8)
OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4.
Published: 2024-10-01T15:40:46.257Z
Updated: 2026-02-13T21:52:08.659Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.