CVE-2025-57819

This PoC exploits CVE-2025-57819, a pre-auth RCE vulnerability in FreePBX, by leveraging SQL injection to either upload a PHP webshell or add a new user. It demonstrates the vulnerability by generating detection artifacts.

This repository provides a writeup and Nuclei templates for detecting and validating CVE-2025-57819, an authentication bypass vulnerability in FreePBX. It includes a detection template and an exploit PoC template for creating a temporary admin user.

This is a functional exploit for CVE-2025-57819, targeting a critical SQL injection vulnerability in FreePBX versions 15-17. The exploit includes time-based detection, database information extraction, and webshell upload capabilities.

This repository provides a Nuclei template to detect vulnerable FreePBX versions (16.0.0.0–16.0.88.19 or 17.0.0.0–17.0.2.31) affected by CVE-2025-57819, an unauthenticated privilege escalation/RCE vulnerability in the Endpoint Manager module.

This repository contains a Python-based SQL injection checker for CVE-2025-57819, targeting FreePBX's `/admin/ajax.php` endpoint. It employs error-based, boolean-based, and time-based techniques to detect SQLi vulnerabilities in the `template`, `model`, and `brand` parameters without modifying the database.

This repository provides a working proof-of-concept for CVE-2025-57819, an unauthenticated SQL injection vulnerability in FreePBX 15's `userman` AJAX endpoints, which can be chained to achieve remote code execution. It includes a Docker-based lab environment, a Nuclei template for detection, and scripts to validate the vulnerability.

This repository contains a detailed technical writeup for CVE-2025-57819, an SQL injection vulnerability in FreePBX that allows unauthenticated remote code execution. The writeup explains the root cause, attack flow, and indicators of compromise.

This repository contains two Python PoC scripts for CVE-2025-57819, an unauthenticated SQL injection vulnerability in FreePBX. The scripts demonstrate admin user creation and credential extraction via SQLMap.

This PoC demonstrates an unauthenticated SQL injection vulnerability in FreePBX versions 15, 16, and 17, leading to remote code execution. The exploit uses a crafted curl request to extract database user information, confirming the vulnerability.

This repository provides a bash script to scan for indicators of compromise (IoCs) related to CVE-2025-57819, an authentication bypass vulnerability in FreePBX endpoint modules leading to SQL injection and RCE. The script checks for exploit artifacts, suspicious logs, and database entries.

This Metasploit module exploits an unauthenticated SQL injection in FreePBX's ajax.php endpoint to achieve remote code execution by scheduling a cronjob via SQL injection. The exploit is reliable and includes cleanup functionality.