SQL Injection Vulnerability in Aster Telecom Azcall Product
CVE-2026-15482
6.9MEDIUM
What is CVE-2026-15482?
A security flaw in Aster Telecom Azcall versions 10 and 11 has been detected, specifically within the HTTP Handler component. The vulnerability arises from improper processing of input variables in the file /azcall/adm/gestao_loja/sis.php?t=consultar. This weakness allows attackers to execute SQL injection attacks by manipulating the arguments 'nome', 'perfil', and 'status'. As the exploit has been disclosed publicly, it poses a significant threat and can be executed remotely, leading to unauthorized access to sensitive data. Despite early notification to Aster Telecom regarding this vulnerability, there has been no acknowledgment or response from the vendor.
Affected Version(s)
Azcall 10
Azcall 11
