The presentation will take place in Room 106 on Thursday, March 5, 2026 - 11:30 to 11:45
FreePBX is a key component of many VoIP deployments, making its security essential. This session covers real-world vulnerability discovery, responsible disclosure, and remediation based on Horizon3.ai's research. We’ll examine three critical vulnerabilities in FreePBX: SQL injection, file upload flaws leading to remote code execution, and authentication bypasses. Learn how these were identified, their impact, and the technical details behind them.
This session outlines the responsible disclosure process and collaboration with the FreePBX team to protect users. Gain insights into telephony system vulnerabilities, responsible disclosure, and practical security strategies for protecting FreePBX deployments.
