Tag
FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function, allowing authenticated users to execute arbitrary commands via crafted GraphQL mutations.