Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
FreePBX 安全漏洞
Vulnerability Description
FreePBX(前称Asterisk Management Portal)是FreePBX项目的一套通过GUI(基于网页的图形化接口)配置Asterisk(IP电话系统)的工具。 FreePBX存在安全漏洞,该漏洞源于从官方 ISO 镜像安装期间,在 Asterisk 全局变量列表中添加 AMPDBUSER、AMPDBPASS、AMPMGRUSER、AMPMGRPASS 变量,这些变量会公开 Asterisk 数据库的明文身份验证凭据(MariaDB/ MySQL) 和 Asterisk Manager接
CVSS Information
N/A
Vulnerability Type
N/A