← back
CVE-2026-28284

FreePBX: Authenticated SQL Injection Vulnerabilities in FreePBX Logfiles Module

CVSS 8.6 HIGHEPSS 0.2%CWE-89
FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
FreePBX · security-reporting

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-4887-4jwp-327g