8 matches found
FusionPBX Operator Panel (exec.php) Command Execution Exploit
This Metasploit module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The exec.php file within the Operator Panel permits users with operatorpanelview permissions, or administrator permissions, to execute arbitrary commands as the web server user ...
FusionPBX Operator Panel exec.php Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FusionPBX Operator Panel exec.php Command Execution', 'Description' = %q This module exploits an authenticated command injection vulnerability in...
CVE-2019-11409
app/operatorpanel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when...
CVE-2019-11409
FusionPBX Operator Panel (exec.php) suffers a command-injection flaw in 4.4.3 and earlier. The vuln arises from insufficient input validation in app/operator_panel/exec.php, allowing authenticated users with operator_panel_view or admin rights to inject commands that execute on the web server (vi...
FusionPBX 4.4.3 - Remote Command Execution
FusionPBX 4.4.3 - Remote Command Execution Exploit Title: FusionPBX = 4.4.3 Command Injection RCE via XSS Date: 06-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://www.fusionpbx.com Software Link: https://https://github.com/fusionpbx/fusionpbx Version: = 4.4.3 Tested on: Debian 8.11 C...
FusionPBX 4.4.3 Remote Command Execution
Exploit Title: FusionPBX = 4.4.3 Command Injection RCE via XSS Date: 06-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://www.fusionpbx.com Software Link: https://https://github.com/fusionpbx/fusionpbx Version: = 4.4.3 Tested on: Debian 8.11 CVE : CVE-2019-11408 XSS AND CVE-2019-11409...
FusionPBX 4.4.3 - Remote Command Execution Exploit #RCE
Exploit for php platform in category web applications Exploit Title: FusionPBX = 4.4.3 Command Injection RCE via XSS Date: 06-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://www.fusionpbx.com Software Link: https://https://github.com/fusionpbx/fusionpbx Version: = 4.4.3 Tested on:...
FusionPBX 4.4.3 - Remote Command Execution
Exploit Title: FusionPBX = 4.4.3 Command Injection RCE via XSS Date: 06-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://www.fusionpbx.com Software Link: https://https://github.com/fusionpbx/fusionpbx Version: = 4.4.3 Tested on: Debian 8.11 CVE : CVE-2019-11408 XSS AND CVE-2019-11409...