FusionPBX

35 exploits Active since Jun 2019
CVE-2020-21053 MEDIUM
FusionPBX 4.5.7 - Stored Cross-Site Scripting via Device Imports Query String
A Cross-Site Scripting (XSS) vulnerability exists in FusionPBX 4.5.7 that allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.
CVSS 6.1
CVE-2020-21055 MEDIUM
FusionPBX 4.5.7 - Path Traversal via File Rename Parameters
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 that allows malicious users to rename any file on the system via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.
CVSS 6.5
CVE-2020-21056 MEDIUM
FusionPBX 4.5.7 - Path Traversal via folder Variable in foldernew.php
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 that allows a remote malicious user to create folders via the folder variable to app\edit\foldernew.php.
CVSS 4.3
CVE-2020-21057 HIGH
FusionPBX 4.5.7 - Path Traversal via app/edit/folderdelete.php
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 that allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php.
CVSS 8.1
CVE-2021-43403 MEDIUM
FusionPBX <4.5.30 - Info Disclosure
An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory).
CVSS 6.5
CVE-2021-43404 HIGH
FusionPBX <4.5.30 - Info Disclosure
An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.
CVSS 8.8
CVE-2021-43406 HIGH
FusionPBX <4.5.30 - Info Disclosure
An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).
CVSS 8.8
CVE-2022-28055 CRITICAL
FusionPBX < 4.4.0 - OS Command Injection via Email Log Download
FusionPBX v4.4 and below contains a command injection vulnerability via the download email logs function.
CVSS 9.8
CVE-2022-35153 CRITICAL
FusionPBX 5.0.1 - OS Command Injection via Fax Send Endpoint
FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.
CVSS 9.8
CVE-2024-24539 MEDIUM
FusionPBX <5.2.0 - Privilege Escalation
FusionPBX before 5.2.0 does not validate a session.
CVSS 5.3