CVE-2026-28284
Status: Undergoing Analysis (In Progress)
Authenticated SQL Injection in FreePBX Logfiles Module

Publication date: 2026-03-05

Last updated on: 2026-03-06

Assigner: GitHub, Inc.

Description
FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-03-05
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (2 associated CPEs)
Vendor    Product    Version / Range
sangoma   freepbx    From 17.0 (inc) to 17.0.5 (exc)
sangoma   freepbx    From 16.0 (inc) to 16.0.10 (exc)
CWE
CWE-89: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-28284 is a set of authenticated SQL injection vulnerabilities found in the FreePBX logfiles module in versions prior to 16.0.10 and 17.0.5. These vulnerabilities occur because user-supplied input, specifically the "namefile" parameter, is not properly sanitized before being used in SQL queries within the isExistLogFiles() function. This improper input handling allows an authenticated attacker to inject malicious SQL commands.

Exploitation requires the attacker to have valid authentication credentials. The vulnerabilities affect commands such as logfiles_is_exist_file_name, logfiles_set, and logfiles_destory, enabling the attacker to manipulate SQL queries executed by the system. [1]
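As an added illustration (not FreePBX's own code; the table name, column names, sample rows and function bodies are assumptions), here is a hypothetical isExistLogFiles() lookup written in the CWE-89 pattern the description refers to, next to a parameterized form that keeps the namefile value as data:

```php
<?php
// Added illustration, not FreePBX code: a hypothetical isExistLogFiles()
// written in the CWE-89 pattern and in a hardened form. The table name,
// column names and sample rows are constructed for this example.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE logfiles (name TEXT PRIMARY KEY, enabled INTEGER)");
$db->exec("INSERT INTO logfiles VALUES ('full', 1), ('freepbx.log', 1)");

// Vulnerable pattern: namefile is spliced into the SQL text, so any SQL
// syntax inside the value is parsed as part of the statement.
function isExistLogFilesVulnerable(PDO $db, string $namefile): bool
{
    $sql = "SELECT COUNT(*) FROM logfiles WHERE name = '" . $namefile . "'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Hardened form: the value is validated against a strict file-name pattern
// and then bound as a parameter, so it can never change the query structure.
function isExistLogFilesSafe(PDO $db, string $namefile): bool
{
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $namefile)) {
        return false; // not a plain file name: treat as "does not exist"
    }
    $stmt = $db->prepare("SELECT COUNT(*) FROM logfiles WHERE name = :name");
    $stmt->execute([':name' => $namefile]);
    return (int) $stmt->fetchColumn() > 0;
}

// A constructed value containing a single quote: in the vulnerable version the
// quote terminates the string literal and the database parses the remainder as
// SQL (here it surfaces as a syntax error); the hardened version treats the
// whole value as data and simply reports that no such file exists.
$probe = "o'brien.log";
try {
    var_dump(isExistLogFilesVulnerable($db, $probe));
} catch (PDOException $e) {
    echo "vulnerable query failed: the quote was parsed as SQL\n";
}
var_dump(isExistLogFilesSafe($db, $probe));   // value handled as data
var_dump(isExistLogFilesSafe($db, 'full'));   // legitimate name still found
```

The same contrast applies to any statement the module builds from the namefile parameter (the set and destroy commands named above), since the fix is to bind the value rather than to escape it case by case.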


How can this vulnerability impact me?

This vulnerability can have serious impacts including unauthorized viewing or modification of the FreePBX database contents. Because the attacker can manipulate SQL queries, they may gain access to sensitive information, alter data integrity, or disrupt system availability.

The CVSS v4.0 base score of 8.6 indicates a high severity level, with impacts on confidentiality, integrity, and availability. The attack can be performed remotely over the network with low complexity but requires high privileges (authenticated user).


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves authenticated SQL injection in the FreePBX logfiles module, requiring authentication with a known username. Detection involves verifying the version of the FreePBX logfiles module to see if it is prior to 16.0.10 or 17.0.5, as these versions are vulnerable.

Since the vulnerability arises from improper input sanitization in specific module commands (logfiles_is_exist_file_name, logfiles_set, and logfiles_destory), monitoring or auditing logs for unusual SQL query patterns or unexpected database modifications related to these commands may help detect exploitation attempts.

No specific commands for detection are provided in the available resources.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating the FreePBX logfiles module to version 16.0.10 or 17.0.5 or later, where the vulnerability has been patched.

  • Restrict access to the FreePBX Administrator Control Panel (ACP) using user management controls.
  • Implement additional access controls such as VPN, Multi-Factor Authentication (MFA), or SAML modules to limit administrative access.
  • Use the FreePBX Firewall module to block hostile network access to the system.
