8 matches found
CVE-2019-16964
app/callcenters/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers with at least the permission callcenterqueueadd or callcenterqueueedit to execute any commands on...
CVE-2019-16988
In FusionPBX up to v4.5.7, the file app\basicoperatorpanel\resources\content.php uses an unsanitized "eavesdropdest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS...
EUVD-2019-7445
Malware in sbrugna...
EUVD-2019-7451
Malware in sbrugna...
CVE-2024-24539
FusionPBX before 5.2.0 does not validate a session...
CVE-2021-43403
An issue was discovered in FusionPBX before 4.5.30. The logviewer.php Log View page allows an authenticated user to choose an arbitrary filename for download, i.e., not necessarily freeswitch.log in the intended directory...
FusionPBX Cross-Site Scripting Vulnerability (CNVD-2021-37587)
FusionPBX is an open-source enterprise IP PBX interface management system based on FreeSWITCH. A cross-site scripting vulnerability exists in FusionPBX version 4.5.7. An attacker can exploit this vulnerability to inject arbitrary Web script or HTML via the querystring variable in...
CVE-2019-16986
In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. resources\securedownload.php is also affected...