CVE-2010-3490
FreePBX < 2.8.0 - Authenticated Path Traversal and Arbitrary File Write via System Recordings Component
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2010-3490. PoCs published by Trustwave's SpiderLabs, moayadalmalat.
AI-analyzed exploit summary: This exploit demonstrates a path traversal vulnerability in FreePBX's recordings interface, allowing remote code execution by manipulating the file upload process to save malicious files in arbitrary locations accessible by the web server.
Description
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.
Exploits (2)
This exploit demonstrates a path traversal vulnerability in FreePBX's recordings interface, allowing remote code execution by manipulating the file upload process to save malicious files in arbitrary locations accessible by the web server.
This repository contains a functional exploit for CVE-2010-3490, targeting FreePBX versions <= 2.8.0. The exploit leverages a file upload vulnerability to achieve remote code execution by uploading a malicious PHP file.