CVE-2026-28210

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FreePBX versions prior to 16.0.49 FreePBX versions prior to 17.0.7

Description FreePBX module cdr (Call Data Record) is susceptible to SQL query injection. The issue allows for potential manipulation of database queries through crafted input.

Recommendations Update to FreePBX version 16.0.49 or later. Update to FreePBX version 17.0.7 or later.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2026-28210

GHSA-59GP-632H-C54V

Affected Products

Freepbx

CVE-2026-28210

Weakness Enumeration

Related Identifiers

Affected Products

References · 9