FusionPBX

30 exploits. Active since Jun 2019.
CVE-2019-11407 (HIGH)
FusionPBX 4.4.3 - Info Disclosure
app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information.
CVSS 7.2
CVE-2019-16968 (MEDIUM)
Fusionpbx < 4.5.7 - XSS
An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS.
CVSS 6.1
CVE-2019-16970 (MEDIUM)
Fusionpbx < 4.5.7 - XSS
In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16971 (MEDIUM)
Fusionpbx < 4.5.7 - XSS
In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16972 (MEDIUM)
Fusionpbx < 4.5.7 - XSS
In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16973 (MEDIUM)
Fusionpbx < 4.5.7 - XSS
In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16974 (MEDIUM)
Fusionpbx < 4.5.7 - XSS
In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16975 (MEDIUM)
Fusionpbx < 4.5.7 - XSS
In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16976 (MEDIUM)
Fusionpbx < 4.5.7 - XSS
In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16977 (MEDIUM)
Fusionpbx < 4.5.7 - XSS
In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16979 (MEDIUM)
Fusionpbx < 4.5.7 - XSS
In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16981 (MEDIUM)
Fusionpbx < 4.5.7 - XSS
In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16983 (MEDIUM)
Fusionpbx < 4.5.7 - XSS
In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16985 (MEDIUM)
Fusionpbx < 4.5.7 - Path Traversal
In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system.
CVSS 6.5
CVE-2019-16987 (MEDIUM)
Fusionpbx < 4.5.7 - XSS
In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16988 (MEDIUM)
Fusionpbx < 4.5.7 - XSS
In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16991 (MEDIUM)
Fusionpbx < 4.5.7 - XSS
In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-19367 (MEDIUM)
FusionPBX 4.4.1 - XSS
A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVSS 6.1
CVE-2019-19385 (MEDIUM)
FusionPBX 4.4.1 - XSS
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.
CVSS 6.1
CVE-2019-19387 (MEDIUM)
FusionPBX 4.4.1 - XSS
A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter.
CVSS 6.1
CVE-2020-21053 (MEDIUM)
Fusionpbx - XSS
A Cross-Site Scripting (XSS) vulnerability exists in FusionPBX 4.5.7 that allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.
CVSS 6.1
CVE-2020-21055 (MEDIUM)
Fusionpbx - Path Traversal
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 that allows malicious users to rename any file on the system via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.
CVSS 6.5
CVE-2020-21056 (MEDIUM)
Fusionpbx - Path Traversal
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 that allows a remote malicious user to create folders via the folder variable passed to app\edit\foldernew.php.
CVSS 4.3
CVE-2020-21057 (HIGH)
Fusionpbx - Path Traversal
A Directory Traversal vulnerability in FusionPBX 4.5.7 allows a remote malicious user to delete folders on the system via the folder variable passed to app/edit/folderdelete.php.
CVSS 8.1
CVE-2021-43403 (MEDIUM)
FusionPBX <4.5.30 - Info Disclosure
An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory).
CVSS 6.5