VYPR
High severity8.8NVD Advisory· Published May 29, 2026· Updated Jun 1, 2026

CVE-2026-44238

CVE-2026-44238

Description

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges are not needed. This vulnerability is fixed in 16.0.50 and 17.0.11.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Range: <16.0.50,<17.0.11
  • Freepbx/Freepbx2 versions
    cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*range: <16.0.50
    • (no CPE)range: <16.0.50, <17.0.11

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.