CVE-2024-53564

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 2, 2024
Updated: Dec 3, 2024
CWE ID 94

Summary

CVE-2024-53564 is a severe vulnerability affecting FreePBX version 17.0.19.17. The issue lies in FreePBX's failure to verify file types and restrict user access paths, allowing attackers to upload malicious files remotely. By doing so, they can gain control over the FreePBX server and access the default directory where uploaded files are stored, potentially resulting in serious consequences.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share