app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host.
References
Link | Resource |
---|---|
https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html | Third Party Advisory |
https://github.com/fusionpbx/fusionpbx/commit/0f965c89288de449236ad6de4f97960814ce8c84 | Patch Third Party Advisory |
https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html | Third Party Advisory |
https://github.com/fusionpbx/fusionpbx/commit/0f965c89288de449236ad6de4f97960814ce8c84 | Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 04:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html - Third Party Advisory | |
References | () https://github.com/fusionpbx/fusionpbx/commit/0f965c89288de449236ad6de4f97960814ce8c84 - Patch, Third Party Advisory |
Information
Published : 2019-06-17 19:15
Updated : 2024-11-21 04:21
NVD link : CVE-2019-11410
Mitre link : CVE-2019-11410
CVE.ORG link : CVE-2019-11410
JSON object : View
Products Affected
fusionpbx
- fusionpbx
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')