CVE-2019-11407
HIGH
FusionPBX 4.4.3 - Authenticated Sensitive Information Exposure via Operator Panel Debug Information
Title source: llm
Description
app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information.
References (2)
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/fusionpbx/fusionpbx/commit/f38676b7b63bb1ec3a68d577fe23e6701f482aef
Third Party Advisory x_refsource_misc
https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html
Scores
CVSS v3: 7.2
EPSS: 0.0154
EPSS Percentile: 71.7%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-200
Status: published
Products (1): fusionpbx/fusionpbx 4.4.3
Published: Jun 17, 2019
Tracked Since: Feb 18, 2026