Vulnerabilities > Fusionpbx

DATE CVE VULNERABILITY TITLE RISK
2022-05-04 CVE-2022-28055 Command Injection vulnerability in Fusionpbx
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.
network
low complexity
fusionpbx CWE-77
7.5
2021-11-05 CVE-2021-43404 Improper Input Validation vulnerability in Fusionpbx
An issue was discovered in FusionPBX before 4.5.30.
network
low complexity
fusionpbx CWE-20
6.5
2021-11-05 CVE-2021-43405 Improper Input Validation vulnerability in Fusionpbx
An issue was discovered in FusionPBX before 4.5.30.
network
low complexity
fusionpbx CWE-20
6.5
2021-11-05 CVE-2021-43406 Improper Input Validation vulnerability in Fusionpbx
An issue was discovered in FusionPBX before 4.5.30.
network
low complexity
fusionpbx CWE-20
6.5
2021-05-20 CVE-2020-21054 Cross-site Scripting vulnerability in Fusionpbx 4.5.7
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.
network
fusionpbx CWE-79
4.3
2021-05-20 CVE-2020-21055 Path Traversal vulnerability in Fusionpbx 4.5.7
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.
network
low complexity
fusionpbx CWE-22
4.0
2021-05-20 CVE-2020-21056 Path Traversal vulnerability in Fusionpbx 4.5.7
Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php.
network
low complexity
fusionpbx CWE-22
4.0
2021-05-20 CVE-2020-21057 Path Traversal vulnerability in Fusionpbx 4.5.7
Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php.
network
low complexity
fusionpbx CWE-22
5.5
2021-05-20 CVE-2020-21053 Cross-site Scripting vulnerability in Fusionpbx 4.5.7
Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.
network
fusionpbx CWE-79
4.3
2019-11-29 CVE-2019-19388 Cross-site Scripting vulnerability in Fusionpbx 4.4.1
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.
network
fusionpbx CWE-79
4.3