Bill Marquette

Technical Advisory – FreePBX – Multiple Authenticated SQL Injections in UCP application

Summary: The User Control Panel (UCP) application is vulnerable to multiple authenticated SQL Injection vulnerabilities which can result in the compromise of administrative accounts as well as the PBX appliance itself. FreePBX has a sizable install base, with Shodan showing over 32 thousand public results for the Sangoma Apache server…

Read more