Produkt Fusionpbx (...) - CVEMAP.ORG

Podatności dla 'Fusionpbx'

2022-05-04

CVE-2022-28055

CWE-77

Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.

2021-11-05

CVE-2021-43404

CWE-20

An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.

CVE-2021-43405

CWE-20

An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).

CVE-2021-43406

CWE-20

An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).

2021-05-20

CVE-2020-21054

CWE-79

Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.

CVE-2020-21055

CWE-22

A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.

CVE-2020-21056

CWE-22

Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php.

CVE-2020-21057

CWE-22

Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php.

CVE-2020-21053

CWE-79

Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.

2019-11-29

CVE-2019-19388

CWE-79

A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.

Copyright 2024, cxsecurity.com