2 matches found
CVE-2026-9587
CVE-2026-9587 describes an authenticated local file inclusion in Sangoma Switchvox SMB Edition 8.3 (104997). The issue resides in the play_file function where the sound_path input is not properly validated, allowing an attacker to supply absolute paths to read files outside the intended directory...
PT-2026-60810
An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The /pa endpoint processes XML content beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated...