Lucene search
MitreCVELIST:CVE-2019-11409HistoryJun 17, 2019 - 6:02 p.m.
CVE-2019-11409
2019-06-1718:02:23
mitre
www.cve.org
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module.
References
packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html
packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-Execution.html
blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html
github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611
Related
cve
cve
CVE-2019-11409
2019-06-17 19:15:11
packetstorm
packetstorm
FusionPBX Operator Panel exec.php Command Execution
2019-11-14 00:00:00
FusionPBX 4.4.3 Remote Command Execution
2019-06-12 00:00:00
zdt
zdt
FusionPBX Operator Panel (exec.php) Command Execution Exploit
2019-11-15 00:00:00
prion
prion
Command injection
2019-06-17 19:15:00
nvd
nvd
CVE-2019-11409
2019-06-17 19:15:11
exploitdb
exploitdb
FusionPBX 4.4.3 - Remote Command Execution
2019-06-12 00:00:00
exploitpack
exploitpack
FusionPBX 4.4.3 - Remote Command Execution
2019-06-12 00:00:00