callme_page.php patch for FreePBX 2.6

Our FreePBX server was recently hacked by someone using the callme_page.php exploit. I found the command in the access_log file. This is an older version of FreePBX (2.6) and I can not afford to upgrade at the present time. I am looking for a patch that fixes this security vulnerability so I can reenable the web server.

Can someone point me to a patch file for FreePBX version 2.6 that will correct this issue?

Thank you for any assistance.

I don’t understand “I can’t afford to update”, updates are free. You need to go to 2.9, don’t go all the way to 2.10, it has new dependencies.