Fusionpbx Security Vulnerabilities and Issues — Fusionpbx CVE List

Lucene search

FusionpbxFusionpbx

6 matches found

CVE•added 2019/09/05 9:15 p.m.•128 views

CVE-2019-15029

FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id f...

9CVSS8.9AI score0.21947EPSS

CVE•added 2019/10/21 7:15 p.m.•87 views

CVE-2019-16964

app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any comm...

9CVSS8.8AI score0.03624EPSS

CVE•added 2019/10/21 7:15 p.m.•84 views

CVE-2019-16965

resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.

9CVSS7.2AI score0.02889EPSS

CVE•added 2022/05/04 3:15 a.m.•62 views

CVE-2022-28055

Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.

9.8CVSS9.7AI score0.06391EPSS

CVE•added 2019/06/17 7:15 p.m.•39 views

CVE-2019-11410

app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host.

9CVSS7.2AI score0.02355EPSS

CVE•added 2022/08/18 5:15 a.m.•36 views

CVE-2022-35153

FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.

9.8CVSS9.7AI score0.00582EPSS