4 matches found
CVE-2018-6393
FreePBX 10.13.66-32bit and 14.0.1.24 SNG7-PBX-64bit-1712-2 allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... or run shell scripts ... once ... logged in to the...
CVE-2018-6393
FreePBX 10.13.66-32bit and 14.0.1.24 SNG7-PBX-64bit-1712-2 allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... or run shell scripts ... once ... logged in to the...
CVE-2018-6393
FreePBX 10.13.66-32bit and 14.0.1.24 SNG7-PBX-64bit-1712-2 allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... or run shell scripts ... once ... logged in to the...
CVE-2018-6393
The CVE-2018-6393 issue affects FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2). It enables post-authentication SQL injection via the order parameter in the administration interface. The vendor notes it is intentional that a user with access can modify SQL tables or execute shell scr...