
@hyp164D1
Created November 30, 2024 02:50
CVE-2024-53564
[CVE ID]
CVE-2024-53564
[Description]
An authenticated arbitrary file upload vulnerability in the component
/module_admin/upload.php of freepbx v17.0.19.17 allows attackers to
execute arbitrary code by uploading a crafted file.
------------------------------------------
[Additional Information]
Malicious file upload. Please handle it as soon as possible.
------------------------------------------
[Vulnerability Type]
Insecure Permissions
------------------------------------------
[Vendor of Product]
FreePBX
------------------------------------------
[Affected Product Code Base]
freepbx - freepbx 17.0.19.17
------------------------------------------
[Affected Component]
upload.php, page.modules.php, modulefunctions.class.php
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
A malicious file with a backdoor and a shell added, uploaded in a remote attack.
------------------------------------------
[Reference]
https://www.freepbx.org/freepbx17/
https://github.com/FreePBX/framework/blob/3f3148e32b774ba7c53ffe35c3ce06cddc1ec174/amp_conf/htdocs/admin/views/module_admin/upload.php#L42
https://github.com/FreePBX/framework/blob/3f3148e32b774ba7c53ffe35c3ce06cddc1ec174/amp_conf/htdocs/admin/page.modules.php#L752
https://github.com/FreePBX/framework/blob/3f3148e32b774ba7c53ffe35c3ce06cddc1ec174/amp_conf/htdocs/admin/libraries/modulefunctions.class.php#L1756