CVE-2018-15892: SQL Injection
First published: Thu Jun 20 2019(Updated: )
FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Freepbx Disa | <13.0.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-15892?
CVE-2018-15892 refers to a SQL Injection vulnerability in FreePBX 13 and 14 that can be exploited via the hangup variable on the /admin/config.php?display=disa&view=form page.
How does the SQL Injection vulnerability in FreePBX 13 and 14 occur?
The SQL Injection vulnerability occurs in the DISA module of FreePBX 13 and 14, specifically through the hangup variable on the /admin/config.php?display=disa&view=form page.
What is the severity of CVE-2018-15892?
CVE-2018-15892 has a severity keyword of 'medium' and a severity value of 4.3 out of 10.
How can the SQL Injection vulnerability in FreePBX 13 and 14 be fixed?
To fix the SQL Injection vulnerability, it is recommended to upgrade FreePBX to version 14.0.10.3 or higher.
Where can I find more information about CVE-2018-15892?
More information about CVE-2018-15892 can be found on the FreePBX wiki (https://wiki.freepbx.org/display/FOP/2018-09-11+DISA+SQL+Injection) and the FreePBX website (https://www.freepbx.org/).
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/freepbx
- canonical/freepbx disa