HTB Connected: From Unauthenticated SQLi to Root via FreePBX, incron & Sudoers Hijack
An unauthenticated SQL injection in FreePBX 16.x (CVE-2025-57819) allows credential extraction and hash replacement, leading to admin access. Shell injection through POST_RELOAD then provides RCE as the asterisk user. A world-writable incron trigger file and a writable module directory enable a sudoers hijack for root.
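A defender-side check for the incron weakness named above, as an added example that is not from the original write-up: it parses incron table text (`<path> <mask> <command>`) and flags watches whose path, or parent directory, is writable by any local user. The file names and the handler command in the sample are constructed; on a real host the input would be the contents of the tables under `/etc/incron.d` and `/var/spool/incron`.

```python
import os
import stat
import tempfile


def parse_incrontab(text):
    """Yield (path, mask, command) from incron table text."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)  # command keeps its own spaces
        if len(parts) == 3:
            yield parts[0], parts[1], parts[2]


def world_writable(path):
    """True if 'other' has write permission on an existing path."""
    try:
        return bool(os.stat(path).st_mode & stat.S_IWOTH)
    except OSError:
        return False


def audit(table_text):
    """Return (path, command, reason) for watches any local user can fire."""
    findings = []
    for path, _mask, command in parse_incrontab(table_text):
        if world_writable(path):
            findings.append((path, command, "watched path is world-writable"))
        elif world_writable(os.path.dirname(path) or "/"):
            findings.append((path, command, "parent directory is world-writable"))
    return findings


def demo():
    """Constructed sample: one 0666 trigger file, one 0644 file."""
    with tempfile.TemporaryDirectory() as d:
        weak, ok = os.path.join(d, "trigger"), os.path.join(d, "locked")
        for p, mode in ((weak, 0o666), (ok, 0o644)):
            open(p, "w").close()
            os.chmod(p, mode)
        # Hypothetical handler path, not taken from the write-up.
        table = (f"{weak} IN_CLOSE_WRITE /opt/example/handler.sh\n"
                 f"{ok} IN_CLOSE_WRITE /opt/example/handler.sh\n")
        return [(os.path.basename(p), reason) for p, _c, reason in audit(table)]


if __name__ == "__main__":
    print(demo())
```

Commands in incron system tables run with root privileges, so a finding there means an unprivileged write can start a root-owned action.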