3 matches found
CVE-2026-44238 FreePBX: Authenticated SQL Injection via ORDER BY in CDR Reports
FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...
EUVD-2026-9856
FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech TTS engine in the recordings module. This issue has been patched in versions 16.0.20...
Free PBX Phone System v2.x v3.x - Multiple Vulnerabilities
Document Title: =============== Free PBX Phone System v2.x v3.x - Multiple Vulnerabilities Release Date: ============= 2011-08-08 Vulnerability Laboratory ID VL-ID: ==================================== 79 Product & Service Introduction: =============================== Its Hard to Beat Free FreePB...