Product: Fusionpbx (Fusionpbx)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 51
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-19 | CVE-2024-23387 | FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product. | Fusionpbx | 4.8 | | |
| 2021-11-05 | CVE-2021-43404 | An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters. | Fusionpbx | 8.8 | | |
| 2021-11-05 | CVE-2021-43405 | An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric). | Fusionpbx | 8.8 | | |
| 2022-05-04 | CVE-2022-28055 | Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function. | Fusionpbx | 9.8 | | |
| 2022-08-18 | CVE-2022-35153 | FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. | Fusionpbx | 9.8 | | |
| 2019-10-21 | CVE-2019-16978 | In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | Fusionpbx | 6.1 | | |
| 2019-10-21 | CVE-2019-16979 | In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | Fusionpbx | 6.1 | | |
| 2019-10-21 | CVE-2019-16980 | In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection. | Fusionpbx | 8.8 | | |
| 2019-10-21 | CVE-2019-16990 | In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it. | Fusionpbx | 6.5 | | |
| 2019-10-21 | CVE-2019-16981 | In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | Fusionpbx | 6.1 | | |