FusionPBX
by FusionPBX
Source repositories
CVEs (52)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-15029 | Hig | 0.61 | 8.8 | 0.12 | Sep 5, 2019 | FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request… | ||
| CVE-2019-16980 | Hig | 0.50 | 8.8 | 0.01 | Oct 21, 2019 | In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection. | ||
| CVE-2019-16965 | Hig | 0.40 | 7.2 | 0.03 | Oct 21, 2019 | resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data. | ||
| CVE-2019-16986 | Med | 0.35 | 6.5 | 0.01 | Oct 21, 2019 | In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.) | ||
| CVE-2019-16985 | Med | 0.35 | 6.5 | 0.01 | Oct 21, 2019 | In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system. | ||
| CVE-2019-16990 | Med | 0.35 | 6.5 | 0.01 | Oct 21, 2019 | In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it. | ||
| CVE-2019-16977 | Med | 0.33 | 6.1 | 0.01 | Oct 23, 2019 | In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||
| CVE-2019-16975 | Med | 0.33 | 6.1 | 0.01 | Oct 23, 2019 | In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||
| CVE-2019-16976 | Med | 0.33 | 6.1 | 0.01 | Oct 23, 2019 | In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | ||
| CVE-2019-16973 | Med | 0.33 | 6.1 | 0.01 | Oct 22, 2019 | In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||
| CVE-2019-16972 | Med | 0.33 | 6.1 | 0.01 | Oct 22, 2019 | In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||
| CVE-2019-16971 | Med | 0.33 | 6.1 | 0.01 | Oct 22, 2019 | In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. | ||
| CVE-2019-16974 | Med | 0.33 | 6.1 | 0.01 | Oct 21, 2019 | In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||
| CVE-2019-16969 | Med | 0.33 | 6.1 | 0.01 | Oct 21, 2019 | In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||
| CVE-2019-16970 | Med | 0.33 | 6.1 | 0.01 | Oct 21, 2019 | In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||
| CVE-2019-16968 | Med | 0.33 | 6.1 | 0.01 | Oct 21, 2019 | An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. | ||
| CVE-2019-16991 | Med | 0.33 | 6.1 | 0.01 | Oct 21, 2019 | In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||
| CVE-2019-16989 | Med | 0.33 | 6.1 | 0.01 | Oct 21, 2019 | In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||
| CVE-2019-16988 | Med | 0.33 | 6.1 | 0.01 | Oct 21, 2019 | In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. | ||
| CVE-2019-16987 | Med | 0.33 | 6.1 | 0.01 | Oct 21, 2019 | In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. |
- risk 0.61cvss 8.8epss 0.12
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request…
- risk 0.50cvss 8.8epss 0.01
In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection.
- risk 0.40cvss 7.2epss 0.03
resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.
- risk 0.35cvss 6.5epss 0.01
In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.)
- risk 0.35cvss 6.5epss 0.01
In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system.
- risk 0.35cvss 6.5epss 0.01
In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
- risk 0.33cvss 6.1epss 0.01
In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
Page 1 of 3