Description
app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/fusionpbx/fusionpbx/commit/f38676b7b63bb1ec3a68d577fe23e6701f482aef
Third Party Advisory x_refsource_misc
https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html
Scores
CVSS v3
7.2
EPSS
0.0073
EPSS Percentile
72.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-200
Status
published
Products (1)
fusionpbx/fusionpbx
4.4.3
Published
Jun 17, 2019
Tracked Since
Feb 18, 2026