Vulnerabilities for 'Fusionpbx'

2022-05-04
 
CVE-2022-28055

CWE-77
 

 
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.

 
2021-11-05
 
CVE-2021-43404

CWE-20
 

 
An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.

 
 
CVE-2021-43405

CWE-20
 

 
An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).

 
 
CVE-2021-43406

CWE-20
 

 
An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).

 
2021-05-20
 
CVE-2020-21054

CWE-79
 

 
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.

 
 
CVE-2020-21055

CWE-22
 

 
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 that allows malicious users to rename any file of the system via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.

 
 
CVE-2020-21056

CWE-22
 

 
Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variable to app\edit\foldernew.php.

 
 
CVE-2020-21057

CWE-22
 

 
Directory Traversal vulnerability in FusionPBX 4.5.7 allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php.

 
 
CVE-2020-21053

CWE-79
 

 
Cross Site Scripting (XSS) vulnerability exists in FusionPBX 4.5.7 that allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.

 
2019-11-29
 
CVE-2019-19388

CWE-79
 

 
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.

 


Copyright 2024, cxsecurity.com

 
