CVE-2019-11410

app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host.
Configurations

Configuration 1 (hide)

cpe:2.3:a:fusionpbx:fusionpbx:4.4.3:*:*:*:*:*:*:*

History

21 Nov 2024, 04:21

Type Values Removed Values Added
References () https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html - Third Party Advisory () https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html - Third Party Advisory
References () https://github.com/fusionpbx/fusionpbx/commit/0f965c89288de449236ad6de4f97960814ce8c84 - Patch, Third Party Advisory () https://github.com/fusionpbx/fusionpbx/commit/0f965c89288de449236ad6de4f97960814ce8c84 - Patch, Third Party Advisory

Information

Published : 2019-06-17 19:15

Updated : 2024-11-21 04:21


NVD link : CVE-2019-11410

Mitre link : CVE-2019-11410

CVE.ORG link : CVE-2019-11410


JSON object : View

Products Affected

fusionpbx

  • fusionpbx
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')