Vulnerabilities > Fusionpbx > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2022-08-18 | CVE-2022-35153 | Improper Encoding or Escaping of Output vulnerability in Fusionpbx 5.0.1 | FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. | network | low complexity | fusionpbx | CWE-116 | critical | 9.8 |
| 2022-05-04 | CVE-2022-28055 | OS Command Injection vulnerability in Fusionpbx | Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function. | network | low complexity | fusionpbx | CWE-78 | critical | 9.8 |
| 2019-10-21 | CVE-2019-16964 | OS Command Injection vulnerability in Fusionpbx | app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data. | network | low complexity | fusionpbx | CWE-78 | critical | 9.0 |
| 2019-09-05 | CVE-2019-15029 | OS Command Injection vulnerability in Fusionpbx 4.4.8 | FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). | network | low complexity | fusionpbx | CWE-78 | critical | 9.0 |
| 2019-06-17 | CVE-2019-11410 | OS Command Injection vulnerability in Fusionpbx 4.4.3 | app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host. | network | low complexity | fusionpbx | CWE-78 | critical | 9.0 |