Vulnerabilities > Fusionpbx > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-05 | CVE-2021-43404 | Unspecified vulnerability in Fusionpbx An issue was discovered in FusionPBX before 4.5.30. | 8.8 |
| 2021-11-05 | CVE-2021-43405 | Unspecified vulnerability in Fusionpbx An issue was discovered in FusionPBX before 4.5.30. | 8.8 |
| 2021-11-05 | CVE-2021-43406 | Improper Input Validation vulnerability in Fusionpbx An issue was discovered in FusionPBX before 4.5.30. | 8.8 |
| 2021-05-20 | CVE-2020-21057 | Path Traversal vulnerability in Fusionpbx 4.5.7 Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php. | 8.1 |
| 2019-10-21 | CVE-2019-16965 | OS Command Injection vulnerability in Fusionpbx resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data. | 7.2 |
| 2019-10-21 | CVE-2019-16964 | OS Command Injection vulnerability in Fusionpbx app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data. | 8.8 |
| 2019-10-21 | CVE-2019-16980 | SQL Injection vulnerability in Fusionpbx In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection. | 8.8 |
| 2019-09-05 | CVE-2019-15029 | OS Command Injection vulnerability in Fusionpbx 4.4.8 FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). | 8.8 |
| 2019-06-17 | CVE-2019-11410 | OS Command Injection vulnerability in Fusionpbx 4.4.3 app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host. | 7.2 |
| 2019-06-17 | CVE-2019-11409 | OS Command Injection vulnerability in Fusionpbx 4.4.3 app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. | 8.8 |