2021 Freepbx 2.8.1.4 Exploit Jun 2026

GET /shell.php?cmd=id HTTP/1.1

FreePBX version 2.8.x and earlier are susceptible to multiple high-risk flaws. The most prominent issue involves how the system handles user-supplied data in specific PHP scripts: freepbx 2.8.1.4 exploit

– Several modules allowed command injection via unsanitized user input in config.php or _REQUEST parameters. Example vulnerable endpoints included /recordings/index.php and /ajax.php . GET /shell

In version 2.8.0 and below, a directory traversal flaw (CVE-2010-3490) in the System Recordings component allows authenticated administrators to create arbitrary files, which can then be used to plant a web shell. freepbx 2.8.1.4 exploit