2 matches found
PT-2018-17528 · Sangoma · Freepbx
Name of the Vulnerable Software and Affected Versions: FreePBX versions 10.13.66-32bit and 14.0.1.24 SNG7-PBX-64bit-1712-2 Description: The issue allows post-authentication SQL injection via the order parameter. It is noted that the vendor disputes this issue, stating it is intentional for users ...
FreePBX SQL Injection Vulnerability
FreePBX formerly known as Asterisk Management Portal is a set of tools from the FreePBX project for configuring Asterisk IP telephony system through a GUI web-based graphical interface. A SQL injection vulnerability exists in FreePBX version 10.13.66-32bit. The vulnerability can be exploited by a...