Skip to main content

Azcall

1 CVEs product

Monthly

CVE-2026-15482 MEDIUM This Month

SQL injection in Aster Telecom Azcall 10/11 exposes a network-reachable administrative endpoint to unauthenticated query manipulation via the nome, perfil, and status HTTP parameters in the store management handler. The CVSS 4.0 vector confirms no authentication or special prerequisites are required (AV:N/AC:L/PR:N/UI:N), and public exploit code is available (E:P). The vendor did not respond to coordinated disclosure, meaning no official patch exists at time of analysis.

SQLi PHP Azcall
NVD VulDB
CVSS 4.0
5.5
EPSS
0.3%
EPSS 0% CVSS 5.5
MEDIUM This Month

SQL injection in Aster Telecom Azcall 10/11 exposes a network-reachable administrative endpoint to unauthenticated query manipulation via the nome, perfil, and status HTTP parameters in the store management handler. The CVSS 4.0 vector confirms no authentication or special prerequisites are required (AV:N/AC:L/PR:N/UI:N), and public exploit code is available (E:P). The vendor did not respond to coordinated disclosure, meaning no official patch exists at time of analysis.

SQLi PHP Azcall
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy