FreePBX: Authenticated SQL Injection via ORDER BY in CDR Reports

8.5 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges are not needed. This vulnerability is fixed in 16.0.50 and 17.0.11.

AI Analysis

Authenticated SQL injection vulnerability via ORDER BY in CDR Reports module

Basic Information

ID CVE-2026-44238

Source GitHub_M

Published May 29, 2026 at 12:44

Affected Product

Vendor FreePBX

Product security-reporting

Version < 16.0.50

Affected Versions FreePBX security-reporting < 16.0.50
FreePBX security-reporting >= 17.0.1, < 17.0.11

CWE Classification

CWE-89

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor FreePBX

Product FreePBX

Version < 16.0.50, < 17.0.11

References

github.com /FreePBX/security-reporting/security/advisories/GHSA-p9fq-fmpw-2h9x

{
    "lastseen": "",
    "description": "FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges are not needed. This vulnerability is fixed in 16.0.50 and 17.0.11.",
    "published": "2026-05-29T12:44:26.745Z",
    "modified": "2026-05-29T12:44:26.745Z",
    "type": "cve",
    "title": "FreePBX: Authenticated SQL Injection via ORDER BY in CDR Reports",
    "source": "GitHub_M",
    "references": "https://github.com/FreePBX/security-reporting/security/advisories/GHSA-p9fq-fmpw-2h9x",
    "id": "CVE-2026-44238",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "FreePBX security-reporting < 16.0.50\nFreePBX security-reporting >= 17.0.1, < 17.0.11",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "security-reporting",
    "version": "< 16.0.50",
    "vendor": "FreePBX",
    "ai_description": "Authenticated SQL injection vulnerability via ORDER BY in CDR Reports module",
    "ai_severity": "High",
    "ai_vendor": "FreePBX",
    "ai_product": "FreePBX",
    "ai_version": "< 16.0.50, < 17.0.11",
    "ai_score": 8.5
}

FreePBX: Authenticated SQL Injection via ORDER BY in CDR Reports_CVE-2026-44238