This exploit demonstrates an unauthenticated SQL injection vulnerability in FreePBX 13.0.35 via the 'display' parameter, which is passed unsanitized to a SQL query. The PoC includes a time-based blind SQL injection example.
Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: FreePBX 13.0.35
No auth needed
Prerequisites: Network access to the target FreePBX instance