Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.8 views

CVE-2019-16986

In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. resources\securedownload.php is also affected...

6.5CVSS6.8AI score0.01405EPSS
Exploits0References1
NVD
NVD
added 2019/10/21 4:15 p.m.15 views

CVE-2019-16986

In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. resources\securedownload.php is also affected...

6.5CVSS6.5AI score0.01405EPSS
Exploits0References3
OSV
OSV
added 2019/10/21 4:15 p.m.7 views

CVE-2019-16986

In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. resources\securedownload.php is also affected...

6.5CVSS6.8AI score
Exploits0References3
Cvelist
Cvelist
added 2019/10/21 3:38 p.m.16 views

CVE-2019-16986

In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. resources\securedownload.php is also affected...

6.5AI score0.01405EPSS
Exploits0References3
CVE
CVE
added 2019/10/21 3:38 p.m.83 views

CVE-2019-16986

FusionPBX exposes a path-traversal/download flaw in resource files. Up to v4.5.7, the unsanitized URL parameter f in resources/download.php (and in resources/secure_download.php) lets an attacker download arbitrary files. Affected versions: FusionPBX

6.5CVSS6.4AI score0.01405EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder