Every CVE whose affected-product data names Freepbx Disa, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (1)
CVE-2018-15892 — CVSS 4.3 (medium): FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.