CNNVD-202510-1742 Information
CNNVD ID
CNNVD-202510-1742
Related CVE
-
CNNVD Published
2025-10-14
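Description (translated from Chinese)
FreePBX Endpoint Manager is a module of the open-source FreePBX project for centrally managing IP phone endpoint configuration. FreePBX Endpoint Manager versions before 16.0.92 and before 17.0.6 contain a SQL injection vulnerability: multiple parameters in the basestation, model, firmware and custom extension configuration functional areas are vulnerable to SQL injection, which may lead to the execution of arbitrary SQL queries.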
Description (English)
FreePBX Endpoint Manager is the open-source FreePBX module for centralized management of IP phone endpoint configuration. Versions of FreePBX Endpoint Manager before 16.0.92 and before 17.0.6 have a SQL injection vulnerability that stems from multiple injectable parameters in the basestation, model, firmware and custom extension configuration areas, which could allow arbitrary SQL queries to be executed.
Hazard Level
High
Vulnerability Type
SQL injection
Affected Vendor
FreePBX
Published
2025-10-14
Last Modified
2026-02-24
References
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-292p-rj6h-54cp
https://access.redhat.com/security/cve/cve-2025-61675
Patch
https://www.freepbx.org/downloads/