High severity 7.2 · OSV Advisory · Published Jan 29, 2018 · Updated Jun 17, 2026
CVE-2018-6393
Description
FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors."
Affected products (2)
Patches
Vulnerability mechanics
References (3)
- code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html (nvd: Exploit, Third Party Advisory)
- github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt (nvd: Exploit, Third Party Advisory)
- www.securityfocus.com/bid/102854 (nvd: Third Party Advisory, VDB Entry)