FreePBX exploit (ticket 7123 – 6/2/14)

Earlier today Schmooze announced a critical exploit in FreePBX – http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice

SysAdminMan systems come deployed with Apache security in place to prevent direct access to the FreePBX web pages and are not directly affected by this. However, it is recommended that all customers update to a non vulnerable version of the FreePBX framework module.

If you have a FreePBX system that is generally accessible from the internet with no additional security (not recommended) you should check the details of the exploit and update now.