app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information.
References
Link | Resource |
---|---|
https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html | Third Party Advisory |
https://github.com/fusionpbx/fusionpbx/commit/f38676b7b63bb1ec3a68d577fe23e6701f482aef | Patch Third Party Advisory |
https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html | Third Party Advisory |
https://github.com/fusionpbx/fusionpbx/commit/f38676b7b63bb1ec3a68d577fe23e6701f482aef | Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 04:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html - Third Party Advisory | |
References | () https://github.com/fusionpbx/fusionpbx/commit/f38676b7b63bb1ec3a68d577fe23e6701f482aef - Patch, Third Party Advisory |
Information
Published : 2019-06-17 18:15
Updated : 2024-11-21 04:21
NVD link : CVE-2019-11407
Mitre link : CVE-2019-11407
CVE.ORG link : CVE-2019-11407
JSON object : View
Products Affected
fusionpbx
- fusionpbx
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor