Lucene search
K

8 matches found

0day.today
0day.today
added 2019/11/15 12:0 a.m.91 views

FusionPBX Operator Panel (exec.php) Command Execution Exploit

This Metasploit module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The exec.php file within the Operator Panel permits users with operatorpanelview permissions, or administrator permissions, to execute arbitrary commands as the web server user ...

8.8CVSS0.6AI score0.8748EPSS
Exploits9
Packet Storm
Packet Storm
added 2019/11/14 12:0 a.m.426 views

FusionPBX Operator Panel exec.php Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FusionPBX Operator Panel exec.php Command Execution', 'Description' = %q This module exploits an authenticated command injection vulnerability in...

6.5CVSS8.8AI score0.8748EPSS
Exploits9
NVD
NVD
added 2019/06/17 7:15 p.m.13 views

CVE-2019-11409

app/operatorpanel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when...

8.8CVSS8.9AI score0.8748EPSS
Exploits9References4
CVE
CVE
added 2019/06/17 6:2 p.m.115 views

CVE-2019-11409

FusionPBX Operator Panel (exec.php) suffers a command-injection flaw in 4.4.3 and earlier. The vuln arises from insufficient input validation in app/operator_panel/exec.php, allowing authenticated users with operator_panel_view or admin rights to inject commands that execute on the web server (vi...

8.8CVSS8.8AI score0.8748EPSS
Exploits9References4Affected Software1
exploitpack
exploitpack
added 2019/06/12 12:0 a.m.51 views

FusionPBX 4.4.3 - Remote Command Execution

FusionPBX 4.4.3 - Remote Command Execution Exploit Title: FusionPBX = 4.4.3 Command Injection RCE via XSS Date: 06-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://www.fusionpbx.com Software Link: https://https://github.com/fusionpbx/fusionpbx Version: = 4.4.3 Tested on: Debian 8.11 C...

6.5CVSS7.7AI score0.8748EPSS
Exploits10
Packet Storm
Packet Storm
added 2019/06/12 12:0 a.m.564 views

FusionPBX 4.4.3 Remote Command Execution

Exploit Title: FusionPBX = 4.4.3 Command Injection RCE via XSS Date: 06-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://www.fusionpbx.com Software Link: https://https://github.com/fusionpbx/fusionpbx Version: = 4.4.3 Tested on: Debian 8.11 CVE : CVE-2019-11408 XSS AND CVE-2019-11409...

7.4AI score0.8748EPSS
Exploits10
0day.today
0day.today
added 2019/06/12 12:0 a.m.318 views

FusionPBX 4.4.3 - Remote Command Execution Exploit #RCE

Exploit for php platform in category web applications Exploit Title: FusionPBX = 4.4.3 Command Injection RCE via XSS Date: 06-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://www.fusionpbx.com Software Link: https://https://github.com/fusionpbx/fusionpbx Version: = 4.4.3 Tested on:...

7.1AI score0.8748EPSS
Exploits10
Exploit DB
Exploit DB
added 2019/06/12 12:0 a.m.493 views

FusionPBX 4.4.3 - Remote Command Execution

Exploit Title: FusionPBX = 4.4.3 Command Injection RCE via XSS Date: 06-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://www.fusionpbx.com Software Link: https://https://github.com/fusionpbx/fusionpbx Version: = 4.4.3 Tested on: Debian 8.11 CVE : CVE-2019-11408 XSS AND CVE-2019-11409...

8.8CVSS6.6AI score0.8748EPSS
Exploits10
Rows per page
Query Builder