VYPR

cdr

by Freepbx

CVEs (2)

  • CVE-2020-36630MedDec 25, 2022
    risk 0.29cvss 5.5epss 0.01

    A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this…

  • CVE-2026-28210Mar 5, 2026
    risk 0.00cvss epss 0.00

    FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7.