CVE-2014-7235

NONE EPSS 98.6%
Published Oct 7, 2014 (11y ago) · Last Modified Jun 17, 2026 (2w ago)

Description

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.

Threat Intelligence

EPSS Exploit Probability
98.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-94 Improper Control of Generation of Code (Code Injection)

Affected Products 22

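| Vendor | Product | Version | Range |
|---|---|---|---|
| freepbx | freepbx | 2.10.0.0 | any |
| freepbx | freepbx | 2.10.0.1 | any |
| freepbx | freepbx | 2.10.0.2 | any |
| freepbx | freepbx | 2.10.0.3 | any |
| freepbx | freepbx | 2.10.0.4 | any |
| freepbx | freepbx | 2.10.0.5 | any |
| freepbx | freepbx | 2.10.0.6 | any |
| freepbx | freepbx | 2.10.0.7 | any |
| freepbx | freepbx | 2.10.0.8 | any |
| freepbx | freepbx | 2.10.0.9 | any |
| freepbx | freepbx | 2.10.0.10 | any |
| freepbx | freepbx | 2.11.1.0 | any |
| freepbx | freepbx | 2.11.1.1 | any |
| freepbx | freepbx | 2.11.1.2 | any |
| freepbx | freepbx | 2.11.1.3 | any |
| freepbx | freepbx | 2.11.1.4 | any |
| sangoma | freepbx | * | ≤2.9.0.8 |
| sangoma | freepbx | 2.11.0.0 | any |
| sangoma | freepbx | 2.11.0.1 | any |
| sangoma | freepbx | 2.11.0.2 | any |
| sangoma | freepbx | 2.11.0.3 | any |
| sangoma | freepbx | 2.11.0.4 | any |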

References 7

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.