Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
FreePBX DISA模块 SQL注入漏洞
Vulnerability Description
FreePBX(前称Asterisk Management Portal)是FreePBX项目的一套通过GUI(基于网页的图形化接口)配置Asterisk(IP电话系统)的工具。DISA module是其中的一个DISA(Direct Inward System Access,直接向内系统访问)模块。 FreePBX 13版本和14版本中的DISA模块存在SQL注入漏洞。该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。
CVSS Information
N/A
Vulnerability Type
N/A