{"id":"CVE-2019-19538","details":"In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.","modified":"2026-04-10T04:16:21.794130Z","published":"2020-03-16T21:15:12.060Z","references":[{"type":"WEB","url":"https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-00"},{"type":"ADVISORY","url":"https://wiki.freepbx.org/display/FOP/2019-12-03+Remote+Command+Execution"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freepbx/framework","events":[{"introduced":"0"},{"fixed":"71349862075c0686aedb4176ebab4f5c17da608c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"13.0.92"}]}}],"versions":["release/12.0.0.0alpha1.0","release/12.0.1alpha1","release/12.0.1alpha10","release/12.0.1alpha11","release/12.0.1alpha12","release/12.0.1alpha13","release/12.0.1alpha14","release/12.0.1alpha16","release/12.0.1alpha17","release/12.0.1alpha18","release/12.0.1alpha19","release/12.0.1alpha2","release/12.0.1alpha20","release/12.0.1alpha21","release/12.0.1alpha22","release/12.0.1alpha23","release/12.0.1alpha24","release/12.0.1alpha25","release/12.0.1alpha26","release/12.0.1alpha27","release/12.0.1alpha28","release/12.0.1alpha29","release/12.0.1alpha3","release/12.0.1alpha30","release/12.0.1alpha31","release/12.0.1alpha32","release/12.0.1alpha4","release/12.0.1alpha5","release/12.0.1alpha7","release/13.0.10","release/13.0.11","release/13.0.12","release/13.0.13","release/13.0.14","release/13.0.15","release/13.0.16","release/13.0.17","release/13.0.18","release/13.0.19","release/13.0.1RC1.20","release/13.0.1RC1.21","release/13.0.1RC1.22","release/13.0.1RC1.23","release/13.0.1RC1.24","release/13.0.1RC1.25","release/13.0.1RC1.26","release/13.0.1RC1.27","release/13.0.1RC1.28","release/13.0.1RC1.30","release/13.0.1alpha10","release/13.0.1alpha11","release/13.0.1alpha12","release/13.0.1alpha14","release/13.0.1alpha15","release/13.0.1alpha16","release/13.0.1alpha17","release/13.0.1alpha18","release/13.0.1alpha19","release/13.0.1alpha2","release/13.0.1alpha20","release/13.0.1alpha21","release/13.0.1alpha22","release/13.0.1alpha23","release/13.0.1alpha24","release/13.0.1alpha25","release/13.0.1alpha26","release/13.0.1alpha27","release/13.0.1alpha28","release/13.0.1alpha29","release/13.0.1alpha3","release/13.0.1alpha30","release/13.0.1alpha31","release/13.0.1alpha32","release/13.0.1alpha33","release/13.0.1alpha34","release/13.0.1alpha35","release/13.0.1alpha36","release/13.0.1alpha37","release/13.0.1alpha38","release/13.0.1alpha39","release/13.0.1alpha4","release/13.0.1alpha40","release/13.0.1alpha41","release/13.0.1alpha42","release/13.0.1alpha43","release/13.0.1alpha44","release/13.0.1alpha45","release/13.0.1alpha46","release/13.0.1alpha47","release/13.0.1alpha48","release/13.0.1alpha49","release/13.0.1alpha5","release/13.0.1alpha50","release/13.0.1alpha51","release/13.0.1alpha52","release/13.0.1alpha53","release/13.0.1alpha54","release/13.0.1alpha55","release/13.0.1alpha56","release/13.0.1alpha57","release/13.0.1alpha58","release/13.0.1alpha59","release/13.0.1alpha6","release/13.0.1alpha60","release/13.0.1alpha61","release/13.0.1alpha62","release/13.0.1alpha63","release/13.0.1alpha64","release/13.0.1alpha65","release/13.0.1alpha66","release/13.0.1alpha67","release/13.0.1alpha68","release/13.0.1alpha69","release/13.0.1alpha7","release/13.0.1alpha8","release/13.0.1alpha9","release/13.0.1beta1","release/13.0.1beta2","release/13.0.1beta3","release/13.0.1beta3.1","release/13.0.1beta3.10","release/13.0.1beta3.11","release/13.0.1beta3.12","release/13.0.1beta3.13","release/13.0.1beta3.14","release/13.0.1beta3.15","release/13.0.1beta3.16","release/13.0.1beta3.17","release/13.0.1beta3.18","release/13.0.1beta3.19","release/13.0.1beta3.2","release/13.0.1beta3.20","release/13.0.1beta3.21","release/13.0.1beta3.22","release/13.0.1beta3.23","release/13.0.1beta3.24","release/13.0.1beta3.25","release/13.0.1beta3.3","release/13.0.1beta3.4","release/13.0.1beta3.5","release/13.0.1beta3.53","release/13.0.1beta3.54","release/13.0.1beta3.55","release/13.0.1beta3.56","release/13.0.1beta3.57","release/13.0.1beta3.58","release/13.0.1beta3.59","release/13.0.1beta3.6","release/13.0.1beta3.60","release/13.0.1beta3.61","release/13.0.1beta3.62","release/13.0.1beta3.63","release/13.0.1beta3.7","release/13.0.1beta3.9","release/13.0.20","release/13.0.22","release/13.0.23","release/13.0.24","release/13.0.25","release/13.0.26","release/13.0.27","release/13.0.28","release/13.0.29","release/13.0.30","release/13.0.31","release/13.0.33","release/13.0.34","release/13.0.35","release/13.0.36","release/13.0.37","release/13.0.38","release/13.0.39","release/13.0.4","release/13.0.41","release/13.0.42","release/13.0.43","release/13.0.44","release/13.0.45","release/13.0.46","release/13.0.47","release/13.0.48","release/13.0.49","release/13.0.5","release/13.0.50","release/13.0.51","release/13.0.52","release/13.0.53","release/13.0.54","release/13.0.55","release/13.0.56","release/13.0.57","release/13.0.58","release/13.0.59","release/13.0.6","release/13.0.60","release/13.0.61","release/13.0.61.1","release/13.0.61.2","release/13.0.61.3","release/13.0.61.4","release/13.0.62","release/13.0.63","release/13.0.64","release/13.0.65","release/13.0.66","release/13.0.67","release/13.0.68","release/13.0.69","release/13.0.7","release/13.0.70","release/13.0.71","release/13.0.72","release/13.0.73","release/13.0.74","release/13.0.76","release/13.0.77","release/13.0.78","release/13.0.79","release/13.0.8","release/13.0.80","release/13.0.81","release/13.0.82","release/13.0.83","release/13.0.84","release/13.0.85","release/13.0.86","release/13.0.87","release/13.0.88","release/13.0.89","release/13.0.9","release/13.0.90","release/13.0.91","release/2.11.0.0","release/2.11.0.0beta1.0","release/2.11.0.0beta1.1","release/2.11.0.0beta1.2","release/2.11.0.0beta1.3","release/2.11.0.0beta1.4","release/2.11.0.0beta1.5","release/2.11.0.0beta2.0","release/2.11.0.0beta2.1","release/2.11.0.0beta2.2","release/2.11.0.0beta2.3","release/2.11.0.0beta2.4","release/2.11.0.0beta2.5","release/2.11.0.0beta2.6","release/2.11.0.0beta2.8","release/2.11.0.0beta2.9","release/2.11.0.0rc1.0","release/2.11.0.0rc1.1","release/2.11.0.0rc1.2","release/2.11.0.0rc1.3","release/2.11.0.0rc1.4","release/2.11.0.0rc1.5","release/2.11.0.0rc1.7","release/2.11.0.1","release/2.11.0.10","release/2.11.0.11","release/2.11.0.2","release/2.11.0.3","release/2.11.0.4","release/2.11.0.5","release/2.11.0.6","release/2.11.0.7","release/2.11.0.8","release/2.11.0.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19538.json","unresolved_ranges":[{"events":[{"introduced":"14.0.0.0"},{"fixed":"14.0.38.3"}]},{"events":[{"introduced":"15.0.0.0"},{"fixed":"15.0.13.6"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}