FreePBX 15.0-15.0.65 - Unauthenticated Authentication Bypass and Remote Code Execution
Exploitation Summary
CVE-2025-57819 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added August 29, 2025.
EIP tracks 19 public exploits from researchers including watchtowrlabs, cybertechajju, and blueisbeautiful, among them a Metasploit module, exploits/unix/http/freepbx_unauth_sqli_to_rce.
A Nuclei detection template is also available.
AI-analyzed exploit summary: This PoC exploits CVE-2025-57819, a pre-auth RCE vulnerability in FreePBX, by leveraging SQL injection to either upload a PHP webshell or add a new user. It demonstrates the vulnerability by generating detection artifacts.
Description
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
Exploits (19)
This PoC exploits CVE-2025-57819, a pre-auth RCE vulnerability in FreePBX, by leveraging SQL injection to either upload a PHP webshell or add a new user. It demonstrates the vulnerability by generating detection artifacts.
This repository provides a writeup and Nuclei templates for detecting and validating CVE-2025-57819, an authentication bypass vulnerability in FreePBX. It includes a detection template and an exploit PoC template for creating a temporary admin user.
This repository contains a functional exploit for CVE-2025-57819, a critical SQL injection vulnerability in FreePBX versions 15-17. The exploit demonstrates unauthenticated SQL injection leading to authentication bypass and potential RCE through webshell upload.
This repository contains a functional exploit for CVE-2025-57819, a critical SQL injection vulnerability in FreePBX versions 15-17. The exploit demonstrates unauthenticated SQL injection leading to authentication bypass and potential RCE through webshell upload.
This is a functional exploit for CVE-2025-57819, targeting a critical SQL injection vulnerability in FreePBX versions 15-17. The exploit includes time-based detection, database information extraction, and webshell upload capabilities.
This repository contains a functional exploit for CVE-2025-57819, which chains an unauthenticated SQL injection (CVE-2025-57819) with an authenticated file upload vulnerability (CVE-2025-61678) to achieve remote code execution on FreePBX 16. The exploit creates an admin user via SQL injection, logs in, and uploads a PHP webshell to gain RCE.
This repository provides a Nuclei template to detect vulnerable FreePBX versions (16.0.0.0–16.0.88.19 or 17.0.0.0–17.0.2.31) affected by CVE-2025-57819, an unauthenticated privilege escalation/RCE vulnerability in the Endpoint Manager module.
This repository contains a Python-based SQL injection checker for CVE-2025-57819, targeting FreePBX's `/admin/ajax.php` endpoint. It employs error-based, boolean-based, and time-based techniques to detect SQLi vulnerabilities in the `template`, `model`, and `brand` parameters without modifying the database.
This repository provides a working proof-of-concept for CVE-2025-57819, an unauthenticated SQL injection vulnerability in FreePBX 15's `userman` AJAX endpoints, which can be chained to achieve remote code execution. It includes a Docker-based lab environment, a Nuclei template for detection, and scripts to validate the vulnerability.
This repository contains a detailed technical writeup for CVE-2025-57819, an SQL injection vulnerability in FreePBX that allows unauthenticated remote code execution. The writeup explains the root cause, attack flow, and indicators of compromise.
This repository contains a functional exploit PoC that chains CVE-2025-57819 (stacked SQL injection) and CVE-2025-61678 (authenticated file upload) to achieve Remote Code Execution (RCE) on FreePBX. The exploit first creates an admin account via SQLi, authenticates, and then uploads a PHP webshell for command execution.
This repository contains a functional exploit for CVE-2025-57819, an unauthenticated SQL injection vulnerability in FreePBX's endpoint module. The exploit chains SQLi to achieve RCE via cron job insertion and escalates to root via incron and fwconsole hooks.
This repository contains a functional exploit for CVE-2025-57819, demonstrating an unauthenticated SQL injection in FreePBX's Endpoint Manager module that leads to remote code execution via a cron-scheduled PHP webshell. The exploit injects a malicious cron job that writes a webshell to the web root, allowing command execution.
This repository contains a functional exploit for CVE-2025-57819, an unauthenticated SQL injection in FreePBX's endpoint module leading to remote code execution via cron job injection. The exploit supports staged reverse shell and admin user creation modes.
This repository contains a functional exploit for CVE-2025-57819, an unauthenticated SQL injection in FreePBX that leads to remote code execution via cron job manipulation. The exploit confirms the vulnerability, injects a reverse shell into the cron_jobs table, and establishes an interactive shell.
This repository contains two Python PoC scripts for CVE-2025-57819, an unauthenticated SQL injection vulnerability in FreePBX. The scripts demonstrate admin user creation and credential extraction via SQLMap.
This PoC demonstrates an unauthenticated SQL injection vulnerability in FreePBX versions 15, 16, and 17, leading to remote code execution. The exploit uses a crafted curl request to extract database user information, confirming the vulnerability.
This repository provides a bash script to scan for indicators of compromise (IoCs) related to CVE-2025-57819, an authentication bypass vulnerability in FreePBX endpoint modules leading to SQL injection and RCE. The script checks for exploit artifacts, suspicious logs, and database entries.
This Metasploit module exploits an unauthenticated SQL injection in FreePBX's ajax.php endpoint to achieve remote code execution by scheduling a cronjob via SQL injection. The exploit is reliable and includes cleanup functionality.
Nuclei Templates (1)
http.title:"freepbx" || http.favicon.hash:"-1908328911" || http.favicon.hash:"1574423538" || http.title:"freepbx administration"
icon_hash="-1908328911" || icon_hash="1574423538" || title="freepbx administration" || title="freepbx"
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H