{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/aster-telecom/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-15482"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Azcall 10/11"],"_cs_severities":["high"],"_cs_tags":["sql-injection","web-vulnerability","cve","exploit-available"],"_cs_type":"advisory","_cs_vendors":["Aster Telecom"],"content_html":"\u003cp\u003eA significant SQL injection vulnerability, identified as CVE-2026-15482, has been discovered in Aster Telecom Azcall versions 10 and 11. This flaw resides within the application's HTTP Handler component, specifically affecting the processing of input to the file \u003ccode\u003e/azcall/adm/gestao_loja/sis.php?t=consultar\u003c/code\u003e. Attackers can remotely exploit this weakness by manipulating the \u003ccode\u003enome\u003c/code\u003e, \u003ccode\u003eperfil\u003c/code\u003e, or \u003ccode\u003estatus\u003c/code\u003e arguments in the URL query string to inject malicious SQL commands. The vulnerability has a CVSS v3.1 Base Score of 7.3, indicating high severity. Crucially, a public exploit for this vulnerability is available, making it accessible for immediate use by malicious actors. The vendor, Aster Telecom, was notified prior to public disclosure but has reportedly not responded. This poses a substantial risk to organizations using affected Azcall instances, as unauthenticated attackers can gain unauthorized access to or modify sensitive database information.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eReconnaissance:\u003c/strong\u003e An attacker identifies an internet-facing instance of Aster Telecom Azcall 10/11, potentially through scanning or public search engines.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerability Identification:\u003c/strong\u003e The attacker leverages knowledge of CVE-2026-15482 and its publicly available exploit details, understanding the SQL injection flaw within the \u003ccode\u003e/azcall/adm/gestao_loja/sis.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMalicious HTTP Request Crafting:\u003c/strong\u003e The attacker constructs a specially crafted HTTP GET request targeting the vulnerable endpoint \u003ccode\u003e/azcall/adm/gestao_loja/sis.php?t=consultar\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSQL Payload Injection:\u003c/strong\u003e An SQL injection payload is embedded within one of the \u003ccode\u003enome\u003c/code\u003e, \u003ccode\u003eperfil\u003c/code\u003e, or \u003ccode\u003estatus\u003c/code\u003e URL query parameters of the crafted HTTP GET request.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnsanitized Input Processing:\u003c/strong\u003e The vulnerable HTTP Handler component of Azcall receives and processes the request without adequately validating or sanitizing the malicious input.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBackend Database Execution:\u003c/strong\u003e The injected SQL payload is executed directly by the backend database, resulting in unauthorized query execution.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnauthorized Data Access/Manipulation:\u003c/strong\u003e The attacker gains unauthorized access to sensitive database information, potentially leading to data exfiltration, modification, or deletion, depending on the injected payload.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-15482 can lead to severe consequences, primarily unauthorized access to and manipulation of the backend database. This includes the potential for full data exfiltration, modification of critical system records, or even deletion of database contents, resulting in data breaches, data loss, and operational disruption. Given the publicly available exploit, all unpatched Aster Telecom Azcall 10/11 instances are at high risk of compromise, potentially exposing customer data, configuration details, or other sensitive organizational information to unauthorized parties. The lack of vendor response further exacerbates the risk, leaving affected organizations without an official patch.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eImplement WAF Rules:\u003c/strong\u003e Deploy web application firewall (WAF) rules to detect and block SQL injection attempts targeting the \u003ccode\u003e/azcall/adm/gestao_loja/sis.php\u003c/code\u003e endpoint and its parameters (\u003ccode\u003enome\u003c/code\u003e, \u003ccode\u003eperfil\u003c/code\u003e, \u003ccode\u003estatus\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMonitor Webserver Logs:\u003c/strong\u003e Continuously monitor webserver access logs for suspicious HTTP GET requests to \u003ccode\u003e/azcall/adm/gestao_loja/sis.php?t=consultar\u003c/code\u003e containing SQL injection patterns in the URL query string to activate the rule below.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerability Scanning:\u003c/strong\u003e Conduct regular vulnerability scanning on all internet-facing web applications to identify and remediate similar web vulnerabilities.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePatching:\u003c/strong\u003e Apply any future patches released by Aster Telecom for CVE-2026-15482 immediately upon availability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-12T07:19:46Z","date_published":"2026-07-12T07:19:46Z","id":"https://feed.craftedsignal.io/briefs/2026-07-aster-telecom-azcall-sql-injection/","summary":"A critical SQL injection vulnerability, tracked as CVE-2026-15482, exists in Aster Telecom Azcall 10/11 within the HTTP Handler component, where manipulating the 'nome/perfil/status' argument when accessing '/azcall/adm/gestao_loja/sis.php?t=consultar' can lead to remote SQL injection, with a publicly available exploit allowing unauthenticated attackers to potentially access or modify sensitive data.","title":"SQL Injection Vulnerability in Aster Telecom Azcall (CVE-2026-15482)","url":"https://feed.craftedsignal.io/briefs/2026-07-aster-telecom-azcall-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed - Aster Telecom","version":"https://jsonfeed.org/version/1.1"}