CVE-2020-36630

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-36630

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36630.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-36630

Published

2022-12-25T20:15:25.100Z

Modified

2026-04-10T04:26:01.305072Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this issue. The name of the patch is f1a9eea2dfff30fb99d825bac194a676a82b9ec8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216771.

References

Affected packages

Git / github.com/freepbx/cdr

Affected ranges

Type: GIT
Repo: https://github.com/freepbx/cdr
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f1a9eea2dfff30fb99d825bac194a676a82b9ec8

Type

GIT

Repo

https://github.com/freepbx/framework

Events

Introduced

Fixed

67aac0611f984dc0d1a56617e0fb18c6a509970b

Database specific

{
    "versions": [
        {
            "introduced": "14.0"
        },
        {
            "fixed": "14.0.5.21"
        }
    ]
}

Affected versions

release/12.*

release/12.0.0.0alpha1.0

release/12.0.1alpha1

release/12.0.1alpha10

release/12.0.1alpha11

release/12.0.1alpha12

release/12.0.1alpha13

release/12.0.1alpha14

release/12.0.1alpha16

release/12.0.1alpha17

release/12.0.1alpha18

release/12.0.1alpha19

release/12.0.1alpha2

release/12.0.1alpha20

release/12.0.1alpha21

release/12.0.1alpha22

release/12.0.1alpha23

release/12.0.1alpha24

release/12.0.1alpha25

release/12.0.1alpha26

release/12.0.1alpha27

release/12.0.1alpha28

release/12.0.1alpha29

release/12.0.1alpha3

release/12.0.1alpha30

release/12.0.1alpha31

release/12.0.1alpha32

release/12.0.1alpha4

release/12.0.1alpha5

release/12.0.1alpha6

release/12.0.1alpha7

release/12.0.1alpha8

release/12.0.2

release/12.0.3

release/12.0.4

release/12.0.5

release/13.*

release/13.0.10

release/13.0.12

release/13.0.13

release/13.0.14

release/13.0.15

release/13.0.16

release/13.0.17

release/13.0.18

release/13.0.19

release/13.0.1RC1.20

release/13.0.1RC1.21

release/13.0.1RC1.22

release/13.0.1RC1.23

release/13.0.1RC1.24

release/13.0.1RC1.25

release/13.0.1RC1.26

release/13.0.1RC1.27

release/13.0.1RC1.28

release/13.0.1RC1.30

release/13.0.1alpha10

release/13.0.1alpha11

release/13.0.1alpha12

release/13.0.1alpha14

release/13.0.1alpha15

release/13.0.1alpha16

release/13.0.1alpha17

release/13.0.1alpha18

release/13.0.1alpha19

release/13.0.1alpha2

release/13.0.1alpha20

release/13.0.1alpha21

release/13.0.1alpha22

release/13.0.1alpha23

release/13.0.1alpha24

release/13.0.1alpha25

release/13.0.1alpha26

release/13.0.1alpha27

release/13.0.1alpha28

release/13.0.1alpha29

release/13.0.1alpha3

release/13.0.1alpha30

release/13.0.1alpha31

release/13.0.1alpha32

release/13.0.1alpha33

release/13.0.1alpha34

release/13.0.1alpha35

release/13.0.1alpha36

release/13.0.1alpha37

release/13.0.1alpha38

release/13.0.1alpha39

release/13.0.1alpha4

release/13.0.1alpha40

release/13.0.1alpha41

release/13.0.1alpha42

release/13.0.1alpha43

release/13.0.1alpha44

release/13.0.1alpha45

release/13.0.1alpha46

release/13.0.1alpha47

release/13.0.1alpha48

release/13.0.1alpha49

release/13.0.1alpha5

release/13.0.1alpha50

release/13.0.1alpha51

release/13.0.1alpha52

release/13.0.1alpha53

release/13.0.1alpha54

release/13.0.1alpha55

release/13.0.1alpha56

release/13.0.1alpha57

release/13.0.1alpha58

release/13.0.1alpha59

release/13.0.1alpha6

release/13.0.1alpha60

release/13.0.1alpha61

release/13.0.1alpha62

release/13.0.1alpha63

release/13.0.1alpha64

release/13.0.1alpha65

release/13.0.1alpha66

release/13.0.1alpha67

release/13.0.1alpha68

release/13.0.1alpha69

release/13.0.1alpha7

release/13.0.1alpha8

release/13.0.1alpha9

release/13.0.1beta1

release/13.0.1beta2

release/13.0.1beta3

release/13.0.1beta3.1

release/13.0.1beta3.10

release/13.0.1beta3.11

release/13.0.1beta3.12

release/13.0.1beta3.13

release/13.0.1beta3.14

release/13.0.1beta3.15

release/13.0.1beta3.16

release/13.0.1beta3.17

release/13.0.1beta3.18

release/13.0.1beta3.19

release/13.0.1beta3.2

release/13.0.1beta3.20

release/13.0.1beta3.21

release/13.0.1beta3.22

release/13.0.1beta3.23

release/13.0.1beta3.24

release/13.0.1beta3.25

release/13.0.1beta3.3

release/13.0.1beta3.4

release/13.0.1beta3.5

release/13.0.1beta3.53

release/13.0.1beta3.54

release/13.0.1beta3.55

release/13.0.1beta3.56

release/13.0.1beta3.57

release/13.0.1beta3.58

release/13.0.1beta3.59

release/13.0.1beta3.6

release/13.0.1beta3.60

release/13.0.1beta3.61

release/13.0.1beta3.62

release/13.0.1beta3.63

release/13.0.1beta3.7

release/13.0.1beta3.9

release/13.0.20

release/13.0.21

release/13.0.22

release/13.0.23

release/13.0.24

release/13.0.25

release/13.0.26

release/13.0.27

release/13.0.28

release/13.0.29

release/13.0.29.1

release/13.0.29.2

release/13.0.29.3

release/13.0.29.4

release/13.0.3

release/13.0.4

release/13.0.5

release/13.0.6

release/13.0.7

release/13.0.8

release/13.0.9

release/14.*

release/14.0.1

release/14.0.1.1

release/14.0.1.10

release/14.0.1.11

release/14.0.1.12

release/14.0.1.13

release/14.0.1.14

release/14.0.1.15

release/14.0.1.16

release/14.0.1.18

release/14.0.1.19

release/14.0.1.2

release/14.0.1.20

release/14.0.1.21

release/14.0.1.22

release/14.0.1.23

release/14.0.1.24

release/14.0.1.25

release/14.0.1.26

release/14.0.1.27

release/14.0.1.28

release/14.0.1.29

release/14.0.1.3

release/14.0.1.30

release/14.0.1.31

release/14.0.1.32

release/14.0.1.33

release/14.0.1.34

release/14.0.1.35

release/14.0.1.36

release/14.0.1.4

release/14.0.1.5

release/14.0.1.6

release/14.0.1.7

release/14.0.1.8

release/14.0.1.9

release/14.0.1alpha1

release/14.0.1alpha10

release/14.0.1alpha11

release/14.0.1alpha12

release/14.0.1alpha13

release/14.0.1alpha14

release/14.0.1alpha15

release/14.0.1alpha16

release/14.0.1alpha17

release/14.0.1alpha18

release/14.0.1alpha19

release/14.0.1alpha2

release/14.0.1alpha20

release/14.0.1alpha21

release/14.0.1alpha22

release/14.0.1alpha23

release/14.0.1alpha24

release/14.0.1alpha25

release/14.0.1alpha26

release/14.0.1alpha27

release/14.0.1alpha28

release/14.0.1alpha29

release/14.0.1alpha3

release/14.0.1alpha30

release/14.0.1alpha31

release/14.0.1alpha32

release/14.0.1alpha33

release/14.0.1alpha34

release/14.0.1alpha35

release/14.0.1alpha4

release/14.0.1alpha5

release/14.0.1alpha6

release/14.0.1alpha7

release/14.0.1alpha8

release/14.0.1alpha9

release/14.0.1beta1

release/14.0.1beta10

release/14.0.1beta11

release/14.0.1beta12

release/14.0.1beta13

release/14.0.1beta14

release/14.0.1beta15

release/14.0.1beta16

release/14.0.1beta17

release/14.0.1beta18

release/14.0.1beta19

release/14.0.1beta2

release/14.0.1beta20

release/14.0.1beta3

release/14.0.1beta4

release/14.0.1beta5

release/14.0.1beta6

release/14.0.1beta7

release/14.0.1beta8

release/14.0.1beta9

release/14.0.1rc1

release/14.0.1rc1.1

release/14.0.1rc1.10

release/14.0.1rc1.11

release/14.0.1rc1.12

release/14.0.1rc1.13

release/14.0.1rc1.14

release/14.0.1rc1.15

release/14.0.1rc1.16

release/14.0.1rc1.17

release/14.0.1rc1.18

release/14.0.1rc1.19

release/14.0.1rc1.2

release/14.0.1rc1.21

release/14.0.1rc1.22

release/14.0.1rc1.23

release/14.0.1rc1.24

release/14.0.1rc1.25

release/14.0.1rc1.26

release/14.0.1rc1.27

release/14.0.1rc1.29

release/14.0.1rc1.3

release/14.0.1rc1.30

release/14.0.1rc1.4

release/14.0.1rc1.5

release/14.0.1rc1.6

release/14.0.1rc1.7

release/14.0.1rc1.8

release/14.0.2

release/14.0.2.1

release/14.0.2.10

release/14.0.2.11

release/14.0.2.12

release/14.0.2.13

release/14.0.2.14

release/14.0.2.15

release/14.0.2.16

release/14.0.2.17

release/14.0.2.18

release/14.0.2.2

release/14.0.2.4

release/14.0.2.6

release/14.0.3

release/14.0.3.1

release/14.0.3.10

release/14.0.3.11

release/14.0.3.12

release/14.0.3.13

release/14.0.3.14

release/14.0.3.15

release/14.0.3.16

release/14.0.3.17

release/14.0.3.19

release/14.0.3.2

release/14.0.3.20

release/14.0.3.21

release/14.0.3.22

release/14.0.3.23

release/14.0.3.24

release/14.0.3.25

release/14.0.3.26

release/14.0.3.3

release/14.0.3.4

release/14.0.3.5

release/14.0.3.6

release/14.0.3.7

release/14.0.3.8

release/14.0.3.9

release/14.0.4

release/14.0.4.1

release/14.0.4.2

release/14.0.4.3

release/14.0.4.4

release/14.0.4.5

release/14.0.5

release/14.0.5.1

release/14.0.5.10

release/14.0.5.11

release/14.0.5.12

release/14.0.5.13

release/14.0.5.14

release/14.0.5.15

release/14.0.5.16

release/14.0.5.17

release/14.0.5.18

release/14.0.5.19

release/14.0.5.2

release/14.0.5.20

release/14.0.5.3

release/14.0.5.4

release/14.0.5.5

release/14.0.5.6

release/14.0.5.7

release/14.0.5.8

release/14.0.5.9

release/2.*

release/2.11.0.0

release/2.11.0.0beta1.0

release/2.11.0.0beta1.1

release/2.11.0.0beta1.2

release/2.11.0.0beta1.3

release/2.11.0.0beta1.4

release/2.11.0.0beta1.5

release/2.11.0.0beta2.0

release/2.11.0.0beta2.1

release/2.11.0.0beta2.2

release/2.11.0.0beta2.3

release/2.11.0.0beta2.4

release/2.11.0.0beta2.5

release/2.11.0.0beta2.6

release/2.11.0.0beta2.8

release/2.11.0.0beta2.9

release/2.11.0.0rc1.0

release/2.11.0.0rc1.1

release/2.11.0.0rc1.2

release/2.11.0.0rc1.3

release/2.11.0.0rc1.4

release/2.11.0.0rc1.5

release/2.11.0.0rc1.7

release/2.11.0.1

release/2.11.0.10

release/2.11.0.11

release/2.11.0.2

release/2.11.0.3

release/2.11.0.4

release/2.11.0.5

release/2.11.0.6

release/2.11.0.7

release/2.11.0.8

release/2.11.0.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36630.json"