CVE-2026-28284

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FreePBX versions prior to 16.0.10 FreePBX versions prior to 17.0.5

Description FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. These issues allow an attacker with valid credentials to potentially manipulate database queries.

Recommendations Update to FreePBX version 16.0.10 or later. Update to FreePBX version 17.0.5 or later.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2026-28284

GHSA-4887-4JWP-327G

Affected Products

Freepbx

CVE-2026-28284

Weakness Enumeration

Related Identifiers

Affected Products

References · 9