Vulnerability Database

312,922

Total vulnerabilities in the database

CVE-2024-58294

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to establish remote shell access.

Published: Dec 11, 2025
Updated: Dec 17, 2025
CVE: CVE-2024-58294
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
sangoma / freepbx	16.0	16.0.x

https://www.exploit-db.com/exploits/52031
https://www.freepbx.org/
https://www.vulncheck.com/advisories/freepbx-authenticated-remote-code-execution-via-api-module
https://www.youtube.com/watch?v=rqFJ0BxwlLI

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo