CVE-2026-44238

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...

CVE-2026-44238

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...

CVE-2026-44238

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...

CVE-2026-44238

CVE-2026-44238 affects FreePBX (open source IP PBX). The vulnerability is an SQL injection in the CDR Reports module page via the order and sort POST parameters. Authentication is required through a FreePBX Admin Control Panel account with CDR section access; full admin privileges are not necessa...

CVE-2026-44238 FreePBX: Authenticated SQL Injection via ORDER BY in CDR Reports

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...

PT-2026-44843

Name of the Vulnerable Software and Affected Versions FreePBX versions prior to 16.0.50 FreePBX versions prior to 17.0.11 Description The CDR Reports module page allows SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution. This issue occurs throug...

FreePBX SQL注入漏洞

FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk an IP telephony system through a GUI web-based graphical interface. Versions of FreePBX prior to 16.0.50 and 17.0.11 contained a SQL injection vulnerability. This vulnerability stemmed from the CDR Reports...

PT-2023-2001 · Mcafee · Mcafee Total Protection

Name of the Vulnerable Software and Affected Versions: McAfee Total Protection versions prior to 16.0.50 Description: The issue is related to insufficient access control to the registry, allowing an adversary with full administrative access to modify a McAfee specific Component Object Model COM i...

CVE-2023-24577

CVE-2023-24577 : McAfee Total Protection prior to 16.0.50 is affected by an improper link resolution issue via registry keys, enabling local privilege escalation for users with lower privileges. The vulnerability is tied to the product’s handling of registry keys, resulting in the ability to elev...

McAfee Total Protection 后置链接漏洞

McAfee Total Protection MTP is a suite of antivirus software from McAfee, Inc. A security vulnerability exists in McAfee Total Protection prior to version 16.0.50, which stems from incorrect link resolution. The vulnerability can be exploited by an attacker to elevate user privileges via the...