CVE-2026-28284
Undergoing Analysis Undergoing Analysis - In Progress
Authenticated SQL Injection in FreePBX Logfiles Module

Publication date: 2026-03-05

Last updated on: 2026-03-06

Assigner: GitHub, Inc.

Description
FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-06
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-28284
EUVD
EUVD-2026-9861
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
sangoma freepbx From 17.0 (inc) to 17.0.5 (exc)
sangoma freepbx From 16.0 (inc) to 16.0.10 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-28284 is a set of authenticated SQL injection vulnerabilities found in the FreePBX logfiles module in versions prior to 16.0.10 and 17.0.5. These vulnerabilities occur because user-supplied input, specifically the "namefile" parameter, is not properly sanitized before being used in SQL queries within the isExistLogFiles() function. This improper input handling allows an authenticated attacker to inject malicious SQL commands.'}, {'type': 'paragraph', 'content': 'Exploitation requires the attacker to have valid authentication credentials. The vulnerabilities affect commands such as logfiles_is_exist_file_name, logfiles_set, and logfiles_destory, enabling the attacker to manipulate SQL queries executed by the system.'}] [1]

Impact Analysis

This vulnerability can have serious impacts including unauthorized viewing or modification of the FreePBX database contents. Because the attacker can manipulate SQL queries, they may gain access to sensitive information, alter data integrity, or disrupt system availability.

The CVSS v4.0 base score of 8.6 indicates a high severity level, with impacts on confidentiality, integrity, and availability. The attack can be performed remotely over the network with low complexity but requires high privileges (authenticated user).

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves authenticated SQL injection in the FreePBX logfiles module, requiring authentication with a known username. Detection involves verifying the version of the FreePBX logfiles module to see if it is prior to 16.0.10 or 17.0.5, as these versions are vulnerable.

Since the vulnerability arises from improper input sanitization in specific module commands (logfiles_is_exist_file_name, logfiles_set, and logfiles_destory), monitoring or auditing logs for unusual SQL query patterns or unexpected database modifications related to these commands may help detect exploitation attempts.

No specific commands for detection are provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include updating the FreePBX logfiles module to version 16.0.10 or 17.0.5 or later, where the vulnerability has been patched.

  • Restrict access to the FreePBX Administrator Control Panel (ACP) using user management controls.
  • Implement additional access controls such as VPN, Multi-Factor Authentication (MFA), or SAML modules to limit administrative access.
  • Use the FreePBX Firewall module to block hostile network access to the system.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28284. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart