VYPR

FusionPBX

by FusionPBX

Source repositories

CVEs (52)

  • CVE-2019-15029HigSep 5, 2019
    risk 0.61cvss 8.8epss 0.12

    FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request…

  • CVE-2019-16980HigOct 21, 2019
    risk 0.50cvss 8.8epss 0.01

    In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection.

  • CVE-2019-16965HigOct 21, 2019
    risk 0.40cvss 7.2epss 0.03

    resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.

  • CVE-2019-16986MedOct 21, 2019
    risk 0.35cvss 6.5epss 0.01

    In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.)

  • CVE-2019-16985MedOct 21, 2019
    risk 0.35cvss 6.5epss 0.01

    In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system.

  • CVE-2019-16990MedOct 21, 2019
    risk 0.35cvss 6.5epss 0.01

    In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it.

  • CVE-2019-16977MedOct 23, 2019
    risk 0.33cvss 6.1epss 0.01

    In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.

  • CVE-2019-16975MedOct 23, 2019
    risk 0.33cvss 6.1epss 0.01

    In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

  • CVE-2019-16976MedOct 23, 2019
    risk 0.33cvss 6.1epss 0.01

    In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.

  • CVE-2019-16973MedOct 22, 2019
    risk 0.33cvss 6.1epss 0.01

    In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.

  • CVE-2019-16972MedOct 22, 2019
    risk 0.33cvss 6.1epss 0.01

    In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

  • CVE-2019-16971MedOct 22, 2019
    risk 0.33cvss 6.1epss 0.01

    In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.

  • CVE-2019-16974MedOct 21, 2019
    risk 0.33cvss 6.1epss 0.01

    In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

  • CVE-2019-16969MedOct 21, 2019
    risk 0.33cvss 6.1epss 0.01

    In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.

  • CVE-2019-16970MedOct 21, 2019
    risk 0.33cvss 6.1epss 0.01

    In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS.

  • CVE-2019-16968MedOct 21, 2019
    risk 0.33cvss 6.1epss 0.01

    An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS.

  • CVE-2019-16991MedOct 21, 2019
    risk 0.33cvss 6.1epss 0.01

    In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.

  • CVE-2019-16989MedOct 21, 2019
    risk 0.33cvss 6.1epss 0.01

    In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.

  • CVE-2019-16988MedOct 21, 2019
    risk 0.33cvss 6.1epss 0.01

    In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.

  • CVE-2019-16987MedOct 21, 2019
    risk 0.33cvss 6.1epss 0.01

    In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.

Page 1 of 3