Product
A critical SQL injection vulnerability, tracked as CVE-2026-15482, exists in Aster Telecom Azcall 10/11 within the HTTP Handler component, where manipulating the 'nome/perfil/status' argument when accessing '/azcall/adm/gestao_loja/sis.php?t=consultar' can lead to remote SQL injection, with a publicly available exploit allowing unauthenticated attackers to potentially access or modify sensitive data.