Vulnerabilities > Fusionpbx

DATE CVE VULNERABILITY TITLE RISK
2019-06-17 CVE-2019-11410 OS Command Injection vulnerability in Fusionpbx 4.4.3
app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host.
network
low complexity
fusionpbx CWE-78
critical
9.0
2019-06-17 CVE-2019-11407 Information Exposure vulnerability in Fusionpbx 4.4.3
app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information.
network
low complexity
fusionpbx CWE-200
4.0
2019-06-17 CVE-2019-11408 Cross-site Scripting vulnerability in Fusionpbx 4.4.3
XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number.
network
fusionpbx CWE-79
4.3