Nate

3 exploits, active since Oct 2019
CVE-2019-16980 WRITEUP HIGH
FusionPBX < 4.5.7 - SQL Injection
In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection.
CVSS 8.8
CVE-2019-16990 WRITEUP MEDIUM
FusionPBX < 4.5.7 - Path Traversal
In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it.
CVSS 6.5
CVE-2019-19366 WRITEUP MEDIUM
FusionPBX 4.4.1 - XSS
A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.
CVSS 6.1