There is a security hole in FreePBX < 13.0.188. FreePBX is vulnerable to remote command execution due to insufficient sanitization of user input fields.
For more details, check out this link.
It's important to keep your FreePBX secure. Once a hacker gets access to your system, they can make thousands of dollars' worth of calls to expensive areas all over the world. FreePBX is free software, but it comes with a lot of responsibility. We see a lot of people attracted to free software who don't put enough thought into learning the software and spend almost no time on how to keep it secure.
If you don't have enough expertise and you are a small company, please do yourself a favor and consider using a hosted phone service.