FusionPBX Command Injection Vulnerability

FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A command injection vulnerability exists in the resources/cmd.php file in FusionPBX 4.5.7 a...

PT-2019-14885 · Fusionpbx · Fusionpbx

Name of the Vulnerable Software and Affected Versions: FusionPBX versions up to 4.5.7 Description: The issue is related to a command injection vulnerability due to a lack of input validation in the resources/cmd.php file. This allows authenticated administrative attackers to execute any commands ...