A weakness has been identified in Aster Telecom Azcall 10/11. This issue affects some unknown processing of the file /azcall/adm/gestao_loja/sis.php?t=consultar of the component HTTP Handler. Executing a manipulation of the argument nome/perfil/status can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Security readout for executives and security teams
Plain-English summary
CVE-2026-15482 is a remotely reachable SQL injection issue in Aster Telecom Azcall 10 and 11. A public proof of concept is reported, and the vendor reportedly did not respond. Treat exposed systems as a high business risk, especially where Azcall is internet-facing or handles sensitive call, customer, or administrative data.
Executive priority
Prioritize this for rapid exposure reduction. The combination of remote unauthenticated reachability, SQL injection impact, and public proof-of-concept availability creates meaningful risk, even without confirmed active exploitation.
Technical view
The reported flaw affects the Azcall HTTP handler at /azcall/adm/gestao_loja/sis.php?t=consultar. Manipulation of nome, perfil, or status can lead to SQL injection. The CVSS v2 score is 7.5 with network access, low complexity, and no authentication. Product internals and fixed versions are not identified in the supplied sources.
Likely exposure
Exposure is likely limited to organizations running Aster Telecom Azcall 10 or 11, especially if the Azcall administrative web interface is reachable from untrusted networks. The sources do not confirm cloud services, other versions, or downstream bundled products.
Exploitation context
The sources state that exploit code has been made public and could be used for attacks. There is no KEV listing and no supplied source confirms active exploitation in the wild. The vendor was reportedly contacted but did not respond.
Researcher notes
Evidence is mostly from VulDB and CVE records. The affected component and parameters are named, but product internals, patch status, and real-world exploitation are not confirmed. Avoid assuming impact beyond Azcall 10 and 11 until vendor or additional primary evidence appears.
Mitigation direction
Check Aster Telecom guidance for a patch or supported remediation.
Remove Azcall administrative paths from public internet access.
Restrict access with VPN, allowlists, or internal network controls.
Apply WAF or reverse-proxy filtering as a temporary control.
Increase logging and monitoring around Azcall HTTP requests.
Review database integrity if exposure cannot be ruled out.
Validation and detection
Inventory all Azcall deployments and confirm versions 10 or 11.
Check whether the Azcall admin web interface is internet-facing.
Review web logs for suspicious requests to the affected sis.php path.
Assess database access privileges used by the Azcall application.
Confirm whether any vendor update or advisory has appeared.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-74: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Injection into data stores can inform collection, data access, and exfiltration detection reviews. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references database injection or access, so collection and exfiltration review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-74 · source CWE mapping
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.