
CVE-2025-57819 PoC — FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE

Source
Associated Vulnerability
Title: FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE (CVE-2025-57819)
Description: FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
Description
Safe, read-only SQL Injection checker for FreePBX (CVE-2025-57819), using error/boolean/time-based techniques with per-parameter verdicts and JSON reporting.
Readme
# FreePBX SQL Injection Checker

![Status](https://img.shields.io/badge/status-read--only-blue)
![Target](https://img.shields.io/badge/target-FreePBX-orange)
![CVE](https://img.shields.io/badge/CVE-2025--57819-critical)
![Python](https://img.shields.io/badge/python-3.8%2B-informational)
![License](https://img.shields.io/badge/license-MIT-green)

> 🔍 **Safe, read-only SQLi detector** for FreePBX’s `/admin/ajax.php` focused on `template`, `model`, and `brand` parameters.  
> 🛡️ Uses **error-based**, **boolean-based**, and **time-based** techniques to flag potential injection **without modifying the database**.  
> ✍️ Per-parameter verdicts + clean **JSON report** for CI, alerting, or incident response.

---

## 🔗 About CVE-2025-57819

- **NVD:** [CVE-2025-57819](https://nvd.nist.gov/vuln/detail/CVE-2025-57819)
- **CVE Record:** [CVE-2025-57819](https://www.cve.org/CVERecord?id=CVE-2025-57819)
- **FreePBX Security Advisory:** [GHSA-m42g-xg4c-5f3h](https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h)

---

## ✨ Highlights

- 🧪 **Three techniques**: error, boolean, time (SLEEP)  
- 🧷 **Read-only by design**: no `INSERT/DELETE/UPDATE`  
- 🧭 **Per-parameter results**: `template`, `model`, `brand`  
- ⏱️ **Baseline latency & deltas** for reliable timing checks  
- 🧰 **Proxy-friendly** (Burp/ZAP) & **CI-ready** output  
- 🧾 **JSON** summary for automation & dashboards

---

## 🔒 Safety & Ethics

- ✅ Intended for **your own systems** or systems you’re **authorized** to test  
- ✅ **No data writes**; diagnostics only  
- ⚠️ Check **local law** and **organizational policy** before use

---

## 🚀 Quick Start

```bash
python3 freepbx_sqli_checker.py -H https://your-freepbx.example
```