CVE-2026-28210

High CVSS: 8.6

FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7.

Vendor

Sangoma

Product

Freepbx

CWE

CWE-89

Yayın Tarihi

2026-03-05 19:16:14

Güncelleme

2026-03-06 18:41:03

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-89 Freepbx HIGH Sangoma 2026

Referanslar

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-59gp-632h-c54v

Benzer Kayıtlar

High

CVE-2026-28287

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5,…

High

CVE-2026-28209

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5,…

High

CVE-2026-28284

FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several aut…

Low

CVE-2025-55210

FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, F…

Low

CVE-2026-23738

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1…

Low

CVE-2026-23739

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1…