5 matches found
CVE-2019-16990
In FusionPBX up to v4.5.7, the file app/musiconhold/musiconhold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname base64 encoded and allows a download of it...
CVE-2019-16990
In FusionPBX up to v4.5.7, the file app/musiconhold/musiconhold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname base64 encoded and allows a download of it...
CVE-2019-16990
In FusionPBX up to v4.5.7, the file app/musiconhold/musiconhold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname base64 encoded and allows a download of it...
CVE-2019-16990
In FusionPBX up to v4.5.7, the file app/musiconhold/musiconhold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname base64 encoded and allows a download of it...
CVE-2019-16990
FusionPBX CVE-2019-16990 affects versions up to 4.5.7. The vulnerability is in music_on_hold.php where an unsanitized URL-derived file parameter (base64-encoded) enables downloading arbitrary pathnames. Core impact is potential exposure of files via crafted requests; exploitation details are not ...