CVE-2026-44238 FreePBX: Authenticated SQL Injection via ORDER BY in CDR Reports

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...

CVE-2026-44238

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...

CVE-2026-44238 FreePBX: Authenticated SQL Injection via ORDER BY in CDR Reports

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...

CVE-2026-44238

CVE-2026-44238 affects FreePBX (open source IP PBX). The vulnerability is an SQL injection in the CDR Reports module page via the order and sort POST parameters. Authentication is required through a FreePBX Admin Control Panel account with CDR section access; full admin privileges are not necessa...

FreePBX SQL注入漏洞

FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk an IP telephony system through a GUI web-based graphical interface. Versions of FreePBX prior to 16.0.50 and 17.0.11 contained a SQL injection vulnerability. This vulnerability stemmed from the CDR Reports...

CVE-2026-28210

FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr Call Data Record is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7...

CVE-2026-28210 FreePBX: Authenticated SQL Injection in CDR (Call Data Record) Reports

FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr Call Data Record is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7...

CVE-2026-28210 FreePBX: Authenticated SQL Injection in CDR (Call Data Record) Reports

FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr Call Data Record is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7...

CVE-2026-28210

This entry concerns CVE-2026-28210 affecting FreePBX (open source IP PBX). The vulnerability lies in the cdr (Call Data Record) module, where an SQL query injection affects versions prior to 16.0.49 and 17.0.7. The issue is caused by unsafe SQL construction within the cdr component, leading to po...

EUVD-2005-2212

Malware in sbrugna...

EUVD-2021-1535

Malware in sbrugna...

EUVD-2020-24085

Malware in sbrugna...

EUVD-2025-28386

Malicious code in bioql PyPI...

CVE-2025-5107

A vulnerability was found in Fujian Kelixun 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /app/xmlcdr/xmlcdrdetails.php. The manipulation of the argument uuid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

CVE-2023-39946

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...

CVE-2020-36630

A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this issue. The name of t...

Wiz Named #1 CDR Solution by G2

Wiz was named the leader in the Winter 2025 CDR Grid Report, based on independent customer reviews...

CVE-2024-20798 Illustrator 2024 CDR File parsing Out of Bound Read Information disclosure vulnerability

Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a...

Security Bulletin: IBM Informix archecker, cdr, and onsmsync are vulnerable to heap buffer overflow.

Summary IBM Informix archecker, cdr, and onsmsync are vulnerable to heap buffer overflow when invoked with invalid parameters. Vulnerability Details CVEID:CVE-2023-28527 DESCRIPTION: IBM Informix cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a...

Cloud Security Predictions at AWS re:Invent 2023

Heading to AWS re:Invent 2023? Don’t miss out on our talk with Melinda Marks, ESG Practice Director for Cybersecurity, about cloud detection and response CDR and what’s trending in cloud security...