Lucene search
K

4 matches found

NVD
NVD
added 2018/01/29 8:29 p.m.15 views

CVE-2018-6393

FreePBX 10.13.66-32bit and 14.0.1.24 SNG7-PBX-64bit-1712-2 allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... or run shell scripts ... once ... logged in to the...

7.2CVSS7.4AI score0.02241EPSS
Exploits1References3
OSV
OSV
added 2018/01/29 8:29 p.m.5 views

CVE-2018-6393

FreePBX 10.13.66-32bit and 14.0.1.24 SNG7-PBX-64bit-1712-2 allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... or run shell scripts ... once ... logged in to the...

7.2CVSS7.8AI score
Exploits0References3
Cvelist
Cvelist
added 2018/01/29 8:0 p.m.15 views

CVE-2018-6393

FreePBX 10.13.66-32bit and 14.0.1.24 SNG7-PBX-64bit-1712-2 allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... or run shell scripts ... once ... logged in to the...

7.4AI score0.02241EPSS
Exploits1References3
CVE
CVE
added 2018/01/29 8:0 p.m.57 views

CVE-2018-6393

The CVE-2018-6393 issue affects FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2). It enables post-authentication SQL injection via the order parameter in the administration interface. The vendor notes it is intentional that a user with access can modify SQL tables or execute shell scr...

7.2CVSS7.3AI score0.02241EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder