CVE-2026-46512
Frogman (headless PBX control) before v1.6.2 allowed fm_dialplan_apply to interpolate template parameters (greeting, dest, url, extension, code, file) into Dialplan/Templates.php output that could be written to extensions_custom.conf. In Dialplan/TemplateBase.php, insufficient sanitization of con...