CVE-2018-6393

EPSS 2.34% · P85 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-6393

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

FreePBX SQL注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

FreePBX（前称Asterisk Management Portal）是FreePBX项目的一套通过GUI（基于网页的图形化接口）配置Asterisk（IP电话系统）的工具。 FreePBX 10.13.66-32bit版本中存在SQL注入漏洞。远程攻击者可借助‘order’参数利用该漏洞执行SQL命令。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2018-6393

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-6393

Please Login to view more intelligence information

http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.htmlx_refsource_MISC
https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txtx_refsource_MISC
http://www.securityfocus.com/bid/102854vdb-entryx_refsource_BID
https://nvd.nist.gov/vuln/detail/CVE-2018-6393

Same Patch Batch · n/a · 2018-01-29 · 25 CVEs total

CVE-2017-1000354		CloudBees Jenkins 安全漏洞
CVE-2018-0101		多款Cisco产品Adaptive Security Appliance Software 安全漏洞
CVE-2016-10711		Apsis Pound 安全漏洞
CVE-2018-6392		FFmpeg 安全漏洞
CVE-2018-6391		Netis WF2419 跨站请求伪造漏洞
CVE-2018-6390		Kingsoft WPS Office 安全漏洞
CVE-2018-6388		iBall iB-WRA150N 安全漏洞
CVE-2018-6387		iBall iB-WRA150N 安全漏洞
CVE-2018-6383		Monstra CMS 安全漏洞
CVE-2018-6381		ZZIPlib 缓冲区错误漏洞
CVE-2017-1000356		CloudBees Jenkins 跨站请求伪造漏洞
CVE-2017-1000355		CloudBees Jenkins 安全漏洞
CVE-2017-18078		systemd 安全漏洞
CVE-2017-1000353		CloudBees Jenkins 代码问题漏洞
CVE-2017-14699		多款ASUS路由器安全漏洞
CVE-2017-14698		多款ASUS路由器安全漏洞
CVE-2018-6367		Vastal I-Tech Buddy Zone Facebook Clone SQL注入漏洞
CVE-2018-6365		TSiteBuilder SQL注入漏洞
CVE-2018-6364		Multilanguage Real Estate MLM Script SQL注入漏洞
CVE-2018-6363		Task Rabbit Clone SQL注入漏洞

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2018-6393

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-6393

I. Basic Information for CVE-2018-6393

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-6393

III. Intelligence Information for CVE-2018-6393

Same Patch Batch · n/a · 2018-01-29 · 25 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-6393

Leave a comment