Mark J Crane

13 exploits, active since Jun 2019

CVE-2019-11410 (HIGH)
FusionPBX 4.4.3 - Command Injection
app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host.
CVSS 7.2
CVE-2019-16964 (HIGH)
FusionPBX < 4.5.7 - OS Command Injection
app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data.
CVSS 8.8
CVE-2019-16965 (HIGH)
FusionPBX < 4.5.7 - OS Command Injection
resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.
CVSS 7.2
CVE-2019-16969 (MEDIUM)
FusionPBX < 4.5.7 - XSS
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16978 (MEDIUM)
FusionPBX < 4.5.7 - XSS
In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16982 (MEDIUM)
FusionPBX < 4.5.7 - XSS
In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16984 (MEDIUM)
FusionPBX < 4.5.7 - XSS
In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-16986 (MEDIUM)
FusionPBX < 4.5.7 - Path Traversal
In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.)
CVSS 6.5
CVE-2019-16989 (MEDIUM)
FusionPBX < 4.5.7 - XSS
In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS 6.1
CVE-2019-19384 (MEDIUM)
FusionPBX 4.4.1 - XSS
A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter.
CVSS 6.1
CVE-2019-19386 (MEDIUM)
FusionPBX 4.4.1 - XSS
A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter.
CVSS 6.1
CVE-2019-19388 (MEDIUM)
FusionPBX 4.4.1 - XSS
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.
CVSS 6.1
CVE-2020-21054 (MEDIUM)
FusionPBX - XSS
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.
CVSS 6.1