CNNVD-202512-423 Information
Dec 04, 2025
cve
CNNVD ID
CNNVD-202512-423
Related CVE
- CNNVD Published: 2025-12-04
Description (Chinese)
FreePBX(前称Asterisk Management Portal)是FreePBX项目的一套通过GUI(基于网页的图形化接口)配置Asterisk(IP电话系统)的工具。 FreePBX存在SQL注入漏洞,该漏洞源于Endpoint Module Rest API中存在经过身份验证的SQL注入。
Description (English)
FreePBX (formerly Asterisk Management Portal) is a set of tools for the FreePBX project to configure Asteristk (IP telephone system) through GUI (page-based graphical interface). FreePBX has an injection loophole in SQL, which originates from an ID-based SQL injection in Endpoint Modeule Rest API.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
FreePBX
Published
2025-12-04
Last Modified
2026-02-24
References
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-q3h9-fmpr-vpfw https://access.redhat.com/security/cve/cve-2025-62173
Patch
https://www.freepbx.org/downloads/
Share on: