FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.
CVSS Score
4.3
EPSS Score
0.003
Published
2019-06-20