3 matches found
CVE-2026-46512
Frogman (headless PBX control) before v1.6.2 allowed fm_dialplan_apply to interpolate template parameters (greeting, dest, url, extension, code, file) into Dialplan/Templates.php output that could be written to extensions_custom.conf. In Dialplan/TemplateBase.php, insufficient sanitization of con...
CVE-2026-46513
Summary: Frogman prior to version 1.6.2 stored API tokens in plaintext as raw hex strings in the oc_api_tokens table and validated the X-Frogman-Token header by directly comparing it to the stored value, enabling database read access to reusable tokens at their permission level (including admin)....
CVE-2026-46514
Frogman (headless PBX control via MCP/HTTP API) had a vulnerability prior to version 1.6.2 where returned a plaintext password and returned a plaintext secret. Frogman.class.php:2207-2211 JSON-encoded these values in , enabling any PERM_READ caller with access to to recover stored credentials....