SQL Injection Vulnerability in FreePBX 13 and 14 DISA Module

SQL Injection Vulnerability in FreePBX 13 and 14 DISA Module

CVE-2018-15892 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.