1. CVE-2025-57819 Basic Information
Vulnerability Information


Vulnerability Title
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
Source: U.S. National Vulnerability Database (NVD)
CVSS Information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Title
FreePBX Security Vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
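FreePBX (formerly Asterisk Management Portal) is a tool from the FreePBX project for configuring Asterisk (an IP telephony system) through a GUI (web-based graphical interface). FreePBX version 15.0.66 and versions before 17.0.3 contain a security vulnerability that stems from insufficient sanitization of user data and may lead to unauthenticated access to the administrator interface and remote code execution.
Source: China National Vulnerability Database of Information Security (CNNVD)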
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Type
N/A
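Source: China National Vulnerability Database of Information Security (CNNVD)
Affected Products

| Vendor | Product | Affected versions | CPE |
|---|---|---|---|
| FreePBX | endpoint | < 15.0.66 | - |
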
2. Public PoCs for CVE-2025-57819

| # | PoC description | Source link |
|---|---|---|
| 1 | Detection for CVE-2025-57819 | https://github.com/rxerium/CVE-2025-57819 |
| 2 | This repository contains a script to check for current IOCs listed in the freepbx forum topic of the CVE-2025-57819 | https://github.com/Sucuri-Labs/CVE-2025-57819-ioc-check |
| 3 | FreePBX SQL Injection Exploit | https://github.com/blueisbeautiful/CVE-2025-57819 |
| 4 | A write up of CVE-2025-57819, a vulnerability affecting FreePBX 15, 16, and 17 | https://github.com/net-hex/CVE-2025-57819 |
| 5 | FreePBX CVE-2025-57819 lab (Docker) + Nuclei POC for unauth SQLi (time-based). | https://github.com/ImBIOS/lab-cve-2025-57819 |
| 6 | CVE-2025-57819 | https://github.com/B1ack4sh/Blackash-CVE-2025-57819 |
| 7 | FreePBX backdoor cleanup script used in 0-day exploitation of CVE-2025-57819 was detected. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/backdoor/freepbx-cleanup-backdoor.yaml |
| 8 | None | https://github.com/watchtowrlabs/watchTowr-vs-FreePBX-CVE-2025-57819 |
| 9 | FreePBX 15, 16, and 17 contain a remote code execution caused by insufficiently sanitized user-supplied data in endpoints, letting unauthenticated attackers manipulate the database and execute code remotely, exploit requires no authentication. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-57819.yaml |
| 10 | FreePBX SQL Injection Exploit | https://github.com/brokendreamsclub/CVE-2025-57819 |
| 11 | FreePBX versions 15, 16, and 17 contain a Remote Code Execution (RCE) vulnerability caused by insufficient sanitization of user-supplied data in endpoints. | https://github.com/MuhammadWaseem29/SQL-Injection-and-RCE_CVE-2025-57819 |
| 12 | Safe, read-only SQL Injection checker for FreePBX (CVE-2025-57819), using error/boolean/time-based techniques with per-parameter verdicts and JSON reporting. | https://github.com/xV4nd3Rx/CVE-2025-57819_FreePBX-PoC |
| 13 | This repository includes two PoC scripts for CVE-2025-57819 in FreePBX: one to create a new admin user (poc_admin.py), and another to extract credentials using sqlmap (poc_auto_get_username_pass.py). For educational and authorized use only. | https://github.com/orange0Mint/CVE-2025-57819_FreePBX |
| 14 | 🔍 Detect SQL injection risks in FreePBX's admin interface safely and efficiently, providing actionable insights and clean JSON reports for security teams. | https://github.com/JakovBis/CVE-2025-57819_FreePBX-PoC |
| 15 | CVE-2025-57819 | https://github.com/Ashwesker/Blackash-CVE-2025-57819 |
| 16 | Detects vulnerable FreePBX versions affected by CVE-2025-57819. | https://github.com/cybertechajju/cve-2025-57819 |
| 17 | CVE-2025-57819 | https://github.com/Ashwesker/Ashwesker-CVE-2025-57819 |