CVE-2018-15892 Information
Feb 14, 2021
cve
Description
FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Reference
https://wiki.freepbx.org/display/FOP/2018-09-11+DISA+SQL+Injection https://www.freepbx.org/
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
LOW
Base Severity
4.3
Share on: