CVE-2025-62173 | FreePBX up to 16.0.40/17.0.5 REST API sql injection (GHSA-q3h9-fmpr-vpfw)

Inserito da Angelo Barbosa | Dic 4, 2025 | CVE

A vulnerability was found in FreePBX up to 16.0.40/17.0.5. It has been rated as critical. This affects an unknown function of the component REST API. This manipulation causes sql injection.

This vulnerability appears as CVE-2025-62173. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is advised.

CVE-2025-62173 | FreePBX up to 16.0.40/17.0.5 REST API sql injection (GHSA-q3h9-fmpr-vpfw)

Post correlati

CVE-2025-23007 | SonicWall NetExtender up to 10.3.0 on Windows Client Log Export privileges management (SNWLID-2025-0005)

CVE-2024-3048 | Bannerlid Plugin up to 1.1.0 on WordPress cross site scripting

CVE-2024-27937 | GLPI up to 10.0.12 improper authorization

CVE-2023-48114 | SmarterTools SmarterMail prior 16.x Build 8747 SVG Document unrestricted upload