CVE-2026-28284
HIGH WAF: High
CVSS 8.8
Published: 2026-03-05
CWE-89
FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| sangoma | freepbx | 16.0 - 16.0.10 |
| sangoma | freepbx | 17.0 - 17.0.5 |
References
- github.com (Mitigation, Vendor Advisory)