FreePBX logfiles
cpe:2.3:a:freepbx:freepbx:*:*:*:*:*:*:*
- < 16.0.10
- < 17.0.5
In the FreePBX logfiles module, prior to versions 16.0.10 and 17.0.5, several authenticated SQL injection vulnerabilities were identified. These vulnerabilities arise from inadequate input sanitization in specific module commands, allowing user-controlled data to be directly inserted into SQL queries. An authenticated user could exploit this to view or manipulate database information.
Successful exploitation lets an authenticated attacker execute arbitrary SQL commands. This could lead to unauthorized data access, data manipulation, or potentially the execution of administrative operations on the database.
Users are advised to update the logfiles module to the latest version. Additionally, ensure that only authorized users have access to the FreePBX Administrator Control Panel, and consider using the FreePBX Firewall module to deny access from hostile networks.
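To support the update advice above, the following added example (not code from FreePBX or from this advisory) classifies an installed logfiles module version against the fixed releases 16.0.10 and 17.0.5. The function names are hypothetical, and the `|`-delimited table layout of the `fwconsole ma list` output is an assumption; the sample listing is constructed.

```shell
#!/bin/sh
# Added example: classify the installed logfiles module version against the
# fixed releases named in this advisory (16.0.10 and 17.0.5).
# Function names are hypothetical; SAMPLE is a constructed listing.

# ver_lt A B: succeed when dotted numeric version A is lower than B.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$lowest" = "$1" ]
}

# classify VERSION: print vulnerable, fixed, or unknown (a release branch
# for which the advisory lists no fixed version).
classify() {
    case "$1" in
        16.*) fixed=16.0.10 ;;
        17.*) fixed=17.0.5 ;;
        *) echo unknown; return 0 ;;
    esac
    if ver_lt "$1" "$fixed"; then echo vulnerable; else echo fixed; fi
}

# installed_version: read a module listing on stdin and print the Version
# column of the logfiles row. Assumes a '|'-delimited table with Module and
# Version as the first two columns.
installed_version() {
    awk -F'|' '{ gsub(/[ \t]/, "", $2); gsub(/[ \t]/, "", $3) }
               $2 == "logfiles" { print $3; exit }'
}

# Constructed sample listing, so the script runs without a FreePBX host.
SAMPLE='+----------+---------+---------+---------+
| Module   | Version | Status  | License |
+----------+---------+---------+---------+
| logfiles | 16.0.6  | Enabled | GPLv3+  |
+----------+---------+---------+---------+'

check_sample() { classify "$(printf '%s\n' "$SAMPLE" | installed_version)"; }

echo "sample listing: logfiles module is $(check_sample)"
# On a FreePBX host: classify "$(fwconsole ma list | installed_version)"
```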