CVE-2014-1903

N/A Unknown

Published: February 18, 2014 Modified: April 29, 2026

Description

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html

Source: cve@mitre.org

http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html

Source: cve@mitre.org

http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03

Source: cve@mitre.org

http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429

Source: cve@mitre.org

http://issues.freepbx.org/browse/FREEPBX-7117

Source: cve@mitre.org

Vendor Advisory

http://issues.freepbx.org/browse/FREEPBX-7123

Source: cve@mitre.org

Vendor Advisory

http://osvdb.org/103240

Source: cve@mitre.org

http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html

Source: cve@mitre.org

http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html

Source: cve@mitre.org

http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/531040/100/0/threaded

Source: cve@mitre.org

https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl

Source: cve@mitre.org

http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03

Source: af854a3a-2127-422b-91ae-364da2661108

http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429

Source: af854a3a-2127-422b-91ae-364da2661108

http://issues.freepbx.org/browse/FREEPBX-7117

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://issues.freepbx.org/browse/FREEPBX-7123

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://osvdb.org/103240

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/531040/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/0x00string/oldays/blob/master/CVE-2014-1903.pl

Source: af854a3a-2127-422b-91ae-364da2661108

24 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

84.5%

99th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

sangoma freepbx

Related CVEs

CVE-2026-7605 6.3

CVE-2026-43058 N/A

CVE-2026-7647 8.1

CVE-2026-7049 7.2

CVE-2026-6916 6.4