CVE-2018-6393

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-6393

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6393.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-6393

Published

2018-01-29T20:29:00.420Z

Modified

2026-04-10T04:11:08.165493Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors.

References

Affected packages

Git / github.com/freepbx/framework

Affected ranges

Type

GIT

Repo

https://github.com/freepbx/framework

Events

Introduced

Last affected

3e8c8a235a4baed436d8bf7fa686d2b080f2dfca

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.0.1.24"
        }
    ]
}

Affected versions

release/12.*

release/12.0.0.0alpha1.0

release/12.0.1alpha1

release/12.0.1alpha10

release/12.0.1alpha11

release/12.0.1alpha12

release/12.0.1alpha13

release/12.0.1alpha14

release/12.0.1alpha16

release/12.0.1alpha17

release/12.0.1alpha18

release/12.0.1alpha19

release/12.0.1alpha2

release/12.0.1alpha20

release/12.0.1alpha21

release/12.0.1alpha22

release/12.0.1alpha23

release/12.0.1alpha24

release/12.0.1alpha25

release/12.0.1alpha26

release/12.0.1alpha27

release/12.0.1alpha28

release/12.0.1alpha29

release/12.0.1alpha3

release/12.0.1alpha30

release/12.0.1alpha31

release/12.0.1alpha32

release/12.0.1alpha4

release/12.0.1alpha5

release/12.0.1alpha7

release/13.*

release/13.0.1RC1.20

release/13.0.1RC1.21

release/13.0.1RC1.22

release/13.0.1RC1.23

release/13.0.1RC1.24

release/13.0.1RC1.25

release/13.0.1RC1.26

release/13.0.1RC1.27

release/13.0.1RC1.28

release/13.0.1RC1.30

release/13.0.1alpha10

release/13.0.1alpha11

release/13.0.1alpha12

release/13.0.1alpha14

release/13.0.1alpha15

release/13.0.1alpha16

release/13.0.1alpha17

release/13.0.1alpha18

release/13.0.1alpha19

release/13.0.1alpha2

release/13.0.1alpha20

release/13.0.1alpha21

release/13.0.1alpha22

release/13.0.1alpha23

release/13.0.1alpha24

release/13.0.1alpha25

release/13.0.1alpha26

release/13.0.1alpha27

release/13.0.1alpha28

release/13.0.1alpha29

release/13.0.1alpha3

release/13.0.1alpha30

release/13.0.1alpha31

release/13.0.1alpha32

release/13.0.1alpha33

release/13.0.1alpha34

release/13.0.1alpha35

release/13.0.1alpha36

release/13.0.1alpha37

release/13.0.1alpha38

release/13.0.1alpha39

release/13.0.1alpha4

release/13.0.1alpha40

release/13.0.1alpha41

release/13.0.1alpha42

release/13.0.1alpha43

release/13.0.1alpha44

release/13.0.1alpha45

release/13.0.1alpha46

release/13.0.1alpha47

release/13.0.1alpha48

release/13.0.1alpha49

release/13.0.1alpha5

release/13.0.1alpha50

release/13.0.1alpha51

release/13.0.1alpha52

release/13.0.1alpha53

release/13.0.1alpha54

release/13.0.1alpha55

release/13.0.1alpha56

release/13.0.1alpha57

release/13.0.1alpha58

release/13.0.1alpha59

release/13.0.1alpha6

release/13.0.1alpha60

release/13.0.1alpha61

release/13.0.1alpha62

release/13.0.1alpha63

release/13.0.1alpha64

release/13.0.1alpha65

release/13.0.1alpha66

release/13.0.1alpha67

release/13.0.1alpha68

release/13.0.1alpha69

release/13.0.1alpha7

release/13.0.1alpha8

release/13.0.1alpha9

release/13.0.1beta1

release/13.0.1beta2

release/13.0.1beta3

release/13.0.1beta3.1

release/13.0.1beta3.10

release/13.0.1beta3.11

release/13.0.1beta3.12

release/13.0.1beta3.13

release/13.0.1beta3.14

release/13.0.1beta3.15

release/13.0.1beta3.16

release/13.0.1beta3.17

release/13.0.1beta3.18

release/13.0.1beta3.19

release/13.0.1beta3.2

release/13.0.1beta3.20

release/13.0.1beta3.21

release/13.0.1beta3.22

release/13.0.1beta3.23

release/13.0.1beta3.24

release/13.0.1beta3.25

release/13.0.1beta3.3

release/13.0.1beta3.4

release/13.0.1beta3.5

release/13.0.1beta3.53

release/13.0.1beta3.54

release/13.0.1beta3.55

release/13.0.1beta3.56

release/13.0.1beta3.57

release/13.0.1beta3.58

release/13.0.1beta3.59

release/13.0.1beta3.6

release/13.0.1beta3.60

release/13.0.1beta3.61

release/13.0.1beta3.62

release/13.0.1beta3.63

release/13.0.1beta3.7

release/13.0.1beta3.9

release/13.0.4

release/13.0.5

release/13.0.6

release/14.*

release/14.0.1

release/14.0.1.1

release/14.0.1.10

release/14.0.1.11

release/14.0.1.12

release/14.0.1.13

release/14.0.1.14

release/14.0.1.15

release/14.0.1.16

release/14.0.1.18

release/14.0.1.19

release/14.0.1.2

release/14.0.1.20

release/14.0.1.21

release/14.0.1.22

release/14.0.1.23

release/14.0.1.24

release/14.0.1.3

release/14.0.1.4

release/14.0.1.5

release/14.0.1.6

release/14.0.1.7

release/14.0.1.8

release/14.0.1.9

release/14.0.1alpha1

release/14.0.1alpha10

release/14.0.1alpha11

release/14.0.1alpha12

release/14.0.1alpha13

release/14.0.1alpha14

release/14.0.1alpha15

release/14.0.1alpha16

release/14.0.1alpha17

release/14.0.1alpha18

release/14.0.1alpha19

release/14.0.1alpha2

release/14.0.1alpha20

release/14.0.1alpha21

release/14.0.1alpha22

release/14.0.1alpha23

release/14.0.1alpha24

release/14.0.1alpha25

release/14.0.1alpha26

release/14.0.1alpha27

release/14.0.1alpha28

release/14.0.1alpha29

release/14.0.1alpha3

release/14.0.1alpha30

release/14.0.1alpha31

release/14.0.1alpha32

release/14.0.1alpha33

release/14.0.1alpha34

release/14.0.1alpha35

release/14.0.1alpha4

release/14.0.1alpha5

release/14.0.1alpha6

release/14.0.1alpha7

release/14.0.1alpha8

release/14.0.1alpha9

release/14.0.1beta1

release/14.0.1beta10

release/14.0.1beta11

release/14.0.1beta12

release/14.0.1beta13

release/14.0.1beta14

release/14.0.1beta15

release/14.0.1beta16

release/14.0.1beta17

release/14.0.1beta18

release/14.0.1beta19

release/14.0.1beta2

release/14.0.1beta20

release/14.0.1beta3

release/14.0.1beta4

release/14.0.1beta5

release/14.0.1beta6

release/14.0.1beta7

release/14.0.1beta8

release/14.0.1beta9

release/14.0.1rc1

release/14.0.1rc1.1

release/14.0.1rc1.10

release/14.0.1rc1.11

release/14.0.1rc1.12

release/14.0.1rc1.13

release/14.0.1rc1.14

release/14.0.1rc1.15

release/14.0.1rc1.16

release/14.0.1rc1.17

release/14.0.1rc1.18

release/14.0.1rc1.19

release/14.0.1rc1.2

release/14.0.1rc1.21

release/14.0.1rc1.22

release/14.0.1rc1.23

release/14.0.1rc1.24

release/14.0.1rc1.25

release/14.0.1rc1.26

release/14.0.1rc1.27

release/14.0.1rc1.29

release/14.0.1rc1.3

release/14.0.1rc1.30

release/14.0.1rc1.4

release/14.0.1rc1.5

release/14.0.1rc1.6

release/14.0.1rc1.7

release/14.0.1rc1.8

release/2.*

release/2.11.0.0

release/2.11.0.0beta1.0

release/2.11.0.0beta1.1

release/2.11.0.0beta1.2

release/2.11.0.0beta1.3

release/2.11.0.0beta1.4

release/2.11.0.0beta1.5

release/2.11.0.0beta2.0

release/2.11.0.0beta2.1

release/2.11.0.0beta2.2

release/2.11.0.0beta2.3

release/2.11.0.0beta2.4

release/2.11.0.0beta2.5

release/2.11.0.0beta2.6

release/2.11.0.0beta2.8

release/2.11.0.0beta2.9

release/2.11.0.0rc1.0

release/2.11.0.0rc1.1

release/2.11.0.0rc1.2

release/2.11.0.0rc1.3

release/2.11.0.0rc1.4

release/2.11.0.0rc1.5

release/2.11.0.0rc1.7

release/2.11.0.1

release/2.11.0.10

release/2.11.0.11

release/2.11.0.2

release/2.11.0.3

release/2.11.0.4

release/2.11.0.5

release/2.11.0.6

release/2.11.0.7

release/2.11.0.8

release/2.11.0.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6393.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.13.66"
            }
        ]
    }
]