SQL Injection Vulnerability in Aster Telecom Azcall Product
CVE-2026-15482

6.9MEDIUM

Key Information:

Status
Vendor
CVE Published:
12 July 2026

What is CVE-2026-15482?

A security flaw in Aster Telecom Azcall versions 10 and 11 has been detected, specifically within the HTTP Handler component. The vulnerability arises from improper processing of input variables in the file /azcall/adm/gestao_loja/sis.php?t=consultar. This weakness allows attackers to execute SQL injection attacks by manipulating the arguments 'nome', 'perfil', and 'status'. As the exploit has been disclosed publicly, it poses a significant threat and can be executed remotely, leading to unauthorized access to sensitive data. Despite early notification to Aster Telecom regarding this vulnerability, there has been no acknowledgment or response from the vendor.

Affected Version(s)

Azcall 10

Azcall 11

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

r1cm4rInh0 (VulDB User)
VulDB CNA Team
.