CVE-2018-15892
MEDIUMFreePBX DISA < 13.0.6.2 - SQL Injection via hangup Variable
Title source: llmDescription
FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.
References (2)
Core 2
Core References
Product x_refsource_misc
https://www.freepbx.org/
Vendor Advisory x_refsource_confirm
https://wiki.freepbx.org/display/FOP/2018-09-11+DISA+SQL+Injection
Scores
CVSS v3
4.3
EPSS
0.0053
EPSS Percentile
41.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Details
CWE
CWE-89
Status
published
Products (1)
freepbx/disa
< 13.0.6.2
Published
Jun 20, 2019
Tracked Since
Feb 18, 2026