resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.
References
Link | Resource |
---|---|
https://github.com/fusionpbx/fusionpbx/commit/6baad9af1bc55c80b793af3bd1ac35b39c20b173 | Third Party Advisory |
https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-sofia-api-command-injection-2/ | Third Party Advisory |
https://github.com/fusionpbx/fusionpbx/commit/6baad9af1bc55c80b793af3bd1ac35b39c20b173 | Third Party Advisory |
https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-sofia-api-command-injection-2/ | Third Party Advisory |
Configurations
History
21 Nov 2024, 04:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/fusionpbx/fusionpbx/commit/6baad9af1bc55c80b793af3bd1ac35b39c20b173 - Third Party Advisory | |
References | () https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-sofia-api-command-injection-2/ - Third Party Advisory |
Information
Published : 2019-10-21 19:15
Updated : 2024-11-21 04:31
NVD link : CVE-2019-16965
Mitre link : CVE-2019-16965
CVE.ORG link : CVE-2019-16965
JSON object : View
Products Affected
fusionpbx
- fusionpbx
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')