FusionPBX

30 exploits Active since Jun 2019
CVE-2021-43404 WRITEUP HIGH WRITEUP
FusionPBX <4.5.30 - Info Disclosure
An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.
CVSS 8.8
CVE-2021-43406 WRITEUP HIGH WRITEUP
FusionPBX <4.5.30 - Info Disclosure
An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).
CVSS 8.8
CVE-2022-28055 WRITEUP CRITICAL WRITEUP
Fusionpbx < 4.4.0 - OS Command Injection
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.
CVSS 9.8
CVE-2022-35153 WRITEUP CRITICAL WRITEUP
Fusionpbx - Command Injection
FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.
CVSS 9.8
CVE-2024-24539 WRITEUP MEDIUM WRITEUP
FusionPBX <5.2.0 - Privilege Escalation
FusionPBX before 5.2.0 does not validate a session.
CVSS 5.3