CVE-2026-28210
Undergoing Analysis - In Progress
SQL Injection in FreePBX CDR Module Allows Data Manipulation

Publication date: 2026-03-05

Last updated on: 2026-03-06

Assigner: GitHub, Inc.

Description
FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7.
Meta Information
Published: 2026-03-05
Last Modified: 2026-03-06
Generated: 2026-05-27
AI Q&A: 2026-03-05
EPSS Evaluated: 2026-05-25
Affected Vendors & Products (2 associated CPEs)
Vendor   Product  Version / Range
sangoma  freepbx  From 17.0 (inc) to 17.0.7 (exc)
sangoma  freepbx  From 16.0 (inc) to 16.0.49 (exc)
CWE
CWE-89: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-28210 is an authenticated SQL injection vulnerability in the FreePBX cdr (Call Data Record) module affecting versions prior to 16.0.49 and 17.0.7.

The vulnerability occurs due to insufficient input sanitization of certain LIMIT parameters in SQL queries, specifically in the file page.cdr.php at lines 696 and 702.

This flaw allows attackers who have valid credentials and high privileges to inject malicious SQL code via user-controlled input, enabling both UNION-based and Time-Based Blind SQL injection attacks.

As a result, attackers can view or manipulate database data directly.


How can this vulnerability impact me?

This vulnerability can have severe impacts because it allows attackers with authenticated access and high privileges to execute arbitrary SQL commands on the database.

  • Attackers can view sensitive data stored in the database.
  • Attackers can manipulate or alter database data, potentially disrupting system operations.
  • The integrity, confidentiality, and availability of the affected system can be compromised.

Exploitation requires authentication but no user interaction, making it easier for attackers with access to cause damage.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability is an authenticated SQL injection in the FreePBX cdr module, specifically involving insufficient input sanitization of certain LIMIT parameters in SQL queries within page.cdr.php at lines 696 and 702.

Detection involves verifying if your FreePBX installation is running a vulnerable version (prior to 16.0.49 or 17.0.7) and monitoring for suspicious authenticated requests to the cdr module that include unusual or crafted LIMIT parameters.

While no explicit detection commands are provided, you can check the FreePBX version via the command line or web interface to confirm if it is vulnerable.

  • Check FreePBX version: Use the FreePBX web interface or run `fwconsole --version` on the server.
  • Monitor web server logs for authenticated requests to page.cdr.php with suspicious parameters, especially those containing SQL keywords or unusual LIMIT values.
  • Use web application firewall (WAF) logs or IDS/IPS systems to detect SQL injection patterns targeting the cdr module.
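The two checks above (version comparison and log review) as an added example; this is not code from the page or from the FreePBX project. It assumes an Apache/nginx combined access-log format, that the module's request path is visible as page.cdr.php, and that the paging parameters carry "limit" in their name, since the advisory does not name them; adjust the path and name filters to what your deployment actually sends.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Fixed versions from the advisory: 16.x fixed in 16.0.49, 17.x fixed in 17.0.7.
FIXED_IN = {16: (16, 0, 49), 17: (17, 0, 7)}
# Generic SQL injection markers; the advisory names UNION-based and time-based blind injection.
SQL_MARKERS = re.compile(r"\b(?:union|select|sleep|benchmark)\b|--|/\*", re.IGNORECASE)
# Apache/nginx "combined" access-log prefix: ip ident user [time] "method target proto" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_vulnerable(version: str) -> bool:
    """True if a FreePBX version string (e.g. from `fwconsole --version`) is below the fix."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    fixed = FIXED_IN.get(parts[0]) if parts else None
    return fixed is not None and parts < fixed

def suspicious_params(target: str) -> list:
    """(name, value) pairs of a page.cdr.php request whose parameters look crafted."""
    # Assumption: paging parameters carry 'limit' in their name; the advisory does not name them.
    url = urlsplit(target)
    if not url.path.endswith("page.cdr.php"):
        return []
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        limit_like = "limit" in name.lower()
        # A LIMIT value should be a plain integer; anything else, or any SQL marker, is flagged.
        if (limit_like and not value.isdigit()) or SQL_MARKERS.search(value):
            hits.append((name, value))
    return hits

def scan_log(lines) -> list:
    """Return one finding per log line whose cdr request carries suspicious parameters."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (hits := suspicious_params(m["target"])):
            findings.append({"ip": m["ip"], "user": m["user"], "status": m["status"], "hits": hits})
    return findings

# Constructed sample access-log lines (not real traffic): normal paging, two crafted LIMIT values, one unrelated request.
SAMPLE_LOG = [
    '10.0.0.5 - admin [05/Mar/2026:10:00:01 +0000] "GET /admin/page.cdr.php?limit=100&offset=0 HTTP/1.1" 200 5120',
    '10.0.0.5 - admin [05/Mar/2026:10:00:09 +0000] "GET /admin/page.cdr.php?limit=100%20UNION%20SELECT%201 HTTP/1.1" 200 5120',
    '10.0.0.7 - admin [05/Mar/2026:10:01:30 +0000] "GET /admin/page.cdr.php?limit=1%20AND%20SLEEP(5) HTTP/1.1" 200 20',
    '10.0.0.9 - - [05/Mar/2026:10:02:00 +0000] "GET /admin/index.php HTTP/1.1" 302 0',
]
```

Run `scan_log` over your real access log and feed the `user` field into your alerting, since the advisory describes an authenticated attacker; the hits tell you which account issued the crafted request.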

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability immediately, update the FreePBX cdr module to version 16.0.49 or 17.0.7 where the issue has been patched.

Additionally, restrict access to the FreePBX Administrator Control Panel to prevent unauthorized or unnecessary access.

  • Apply the official update to the cdr module to version 16.0.49 or 17.0.7.
  • Restrict access to the Admin Control Panel using user management controls.
  • Implement VPN access for administrative functions.
  • Enable Multi-Factor Authentication (MFA) and SAML authentication for administrators.
  • Use firewall modules to limit network access to the FreePBX administration interface.
