{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "13.0.0.0"
              },
              {
                "last_affected": "13.0.197.13"
              },
              {
                "introduced": "14.0.0.0"
              },
              {
                "last_affected": "14.0.13.11"
              },
              {
                "introduced": "15.0.0.0"
              },
              {
                "last_affected": "15.0.16.26"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "fc03c2457d2ddbd5ce9516cb150ddcf8b8f2a78a"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "77af77af5bbdb58ec1fde00f440cc16ddfc7c229"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "5b622696aad2d21dcaf1502112f7d0248bad5ecf"
            }
          ],
          "repo": "https://github.com/freepbx/framework",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "Sangoma FreePBX 15.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.",
  "id": "CVE-2019-19006",
  "modified": "2026-04-01T23:10:11.487349640Z",
  "published": "2019-11-21T18:15:11.993Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-19006"
    },
    {
      "type": "WEB",
      "url": "https://pastebin.com/2CdsQMKW"
    },
    {
      "type": "ADVISORY",
      "url": "https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772"
    },
    {
      "type": "ADVISORY",
      "url": "https://wiki.freepbx.org/display/FOP/2019-11-20+Remote+Admin+Authentication+Bypass"
    },
    {
      "type": "ARTICLE",
      "url": "https://www.freepbx.org/category/blog/"
    },
    {
      "type": "EVIDENCE",
      "url": "https://research.checkpoint.com/2020/inj3ctor3-operation-leveraging-asterisk-servers-for-monetization/"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}