What is it?
FreePBX is an open-source, web-based graphical user interface for managing an Asterisk-based phone system (PBX).
Why is it a risk?
FreePBX 15, 16, and 17 endpoints are vulnerable because user-supplied data is insufficiently sanitized. This allows unauthenticated access to the FreePBX Administrator interface, which in turn leads to arbitrary database manipulation and remote code execution.
This is considered a CRITICAL vulnerability.
How can you mitigate the risk?
Upgrade your FreePBX installation to versions 15.0.66, 16.0.89, or 17.0.3.
The GitHub link below contains step-by-step instructions to perform the upgrade.
Resources:
GitHub – Authentication Bypass Leading to SQL Injection and RCE
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h

