CVE-2024-58294

Severity: HIGH

FreePBX 16 - Authenticated Remote Code Execution via API Module Generatedocs Endpoint

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-58294. PoCs published by Cold z3ro.

AI-analyzed exploit summary: This PHP script exploits an authenticated RCE vulnerability in FreePBX versions 14-16 by injecting a bash reverse shell command via the 'scopes' parameter in the API module. The exploit uses cURL to send a malicious payload to the target, triggering a reverse shell connection to the attacker's specified IP and port.

Description

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to establish remote shell access.

Exploits (1)

Source: exploit-db (working PoC)
Author: Cold z3ro · Category: php / webapps
https://www.exploit-db.com/exploits/52031

Classification: Working PoC (95%)
Attack type: RCE
Complexity: Trivial
Reliability: Reliable
Target: FreePBX 14, 15, 16
Authentication: required
Prerequisites: Valid PHPSESSID (authenticated session); network access to the target FreePBX instance; attacker-controlled server to receive the reverse shell
Analyzed by devstral-2 on Feb 16, 2026

References (4)

Exploit, Third Party Advisory, VDB Entry: https://www.exploit-db.com/exploits/52031
Product: https://www.freepbx.org/

Scores

CVSS v3: 8.8
EPSS: 0.0312
EPSS percentile: 86.1%
Attack vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Source: Vulnrichment
Exploitation: PoC
Automatable: no
Technical impact: total

Details

CWE: CWE-78
Status: published
Products (2): FreePBX/FreePBX 16; sangoma/freepbx 16.0
Published: Dec 11, 2025
Tracked since: Feb 18, 2026