| Summary | FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges are not needed. This vulnerability is fixed in 16.0.50 and 17.0.11. |
|---|---|
| Publication Date | May 29, 2026, 11:16 p.m. |
| Registration Date | May 30, 2026, 4:14 a.m. |
| Last Update | May 30, 2026, 12:06 a.m. |
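
The summary names the `order` and `sort` POST parameters as the injection points. Column names and sort keywords in an ORDER BY clause cannot be bound as statement parameters, so the usual defence is to map the request values onto a fixed allow-list. The PHP below is an added example, not FreePBX code and not the project's actual fix; the function names, the column subset (modelled on the stock Asterisk `cdr` table) and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-lists: request value => constant SQL text.
// Column names are modelled on the stock Asterisk cdr table (assumption).
const CDR_ORDER_COLUMNS = ['calldate' => 'calldate', 'src' => 'src', 'dst' => 'dst', 'duration' => 'duration'];
const CDR_SORT_DIRECTIONS = ['asc' => 'ASC', 'desc' => 'DESC'];

// Placeholders cannot bind identifiers or keywords, so the only text that
// reaches the SQL string is a constant looked up in the allow-lists above.
function cdrOrderClause(mixed $order, mixed $sort): string
{
    // Non-string input (for example order[]=x arriving as an array) is treated as empty.
    $order = is_string($order) ? strtolower(trim($order)) : '';
    $sort  = is_string($sort) ? strtolower(trim($sort)) : '';
    $column    = CDR_ORDER_COLUMNS[$order] ?? 'calldate';   // fall back to a safe default
    $direction = CDR_SORT_DIRECTIONS[$sort] ?? 'DESC';
    return "ORDER BY {$column} {$direction}";
}

function fetchCdr(PDO $db, string $src, mixed $order, mixed $sort): array
{
    // Values are bound; the ORDER BY fragment is assembled from constants only.
    $sql = 'SELECT calldate, src, dst, duration FROM cdr WHERE src = :src '
         . cdrOrderClause($order, $sort);
    $stmt = $db->prepare($sql);
    $stmt->execute([':src' => $src]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cdr (calldate TEXT, src TEXT, dst TEXT, duration INTEGER)');
$db->exec("INSERT INTO cdr VALUES ('2026-01-01 10:00:00', '100', '200', 30),
                                  ('2026-01-02 11:00:00', '100', '201', 5)");

// Constructed request values standing in for $_POST['order'] and $_POST['sort'].
$cases = [['duration', 'asc'], ['duration', 'sideways'], ['duration, dst', 'desc'], [['x'], null]];
foreach ($cases as [$order, $sort]) {
    $rows = fetchCdr($db, '100', $order, $sort);
    echo json_encode($order), ' / ', json_encode($sort), ' => ',
         cdrOrderClause($order, $sort), ' (', count($rows), " rows)\n";
}
```

Any value outside the allow-lists falls back to `ORDER BY calldate DESC`, so the query text never contains request data regardless of what the client submits.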