VYPR

FusionPBX

by FusionPBX

CVEs (40)

  • CVE-2019-16970Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.00

    In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS.

  • CVE-2019-16968Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.00

    An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS.

  • CVE-2019-16965Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.03

    resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.

  • CVE-2019-16964Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.03

    app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit)…

  • CVE-2019-16988Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.00

    In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.

  • CVE-2019-16991Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.00

    In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.

  • CVE-2019-16989Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.00

    In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.

  • CVE-2019-16986Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.00

    In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.)

  • CVE-2019-16987Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.00

    In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.

  • CVE-2019-16985Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.00

    In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system.

  • CVE-2019-16984Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.00

    In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS.

  • CVE-2019-16983Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.00

    In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS.

  • CVE-2019-16981Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.00

    In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.

  • CVE-2019-16982Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.00

    In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

  • CVE-2019-16990Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.00

    In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it.

  • CVE-2019-16979Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.00

    In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

  • CVE-2019-16980Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.00

    In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection.

  • CVE-2019-16978Oct 21, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.00

    In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.

  • CVE-2019-11408Jun 17, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.02

    XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code…

  • CVE-2019-11407Jun 17, 2019
    FusionPBX
    FusionPBX
    risk 0.00cvss epss 0.01

    app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information.

Page 2 of 2