SQL Injection Vulnerability in FreePBX 13 and 14 DISA Module
CVE-2018-15892 · MEDIUM Severity
AV:N/AC:M/AU:S/C:P/I:P/A:P
FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.