FusionpbxCVEs & Vulnerabilities

52 CVEs affecting Fusionpbx products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

fusionpbx 52
CVE-2024-24539MEDIUM

FusionPBX before 5.2.0 does not validate a session.

18 Mar 2024
5.3
CVSS
CVE-2024-23387MEDIUM

FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.

19 Jan 2024
4.8
CVSS
CVE-2021-43403MEDIUM

An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory).

29 Sep 2022
6.5
CVSS
CVE-2022-35153CRITICAL

FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.

18 Aug 2022
9.8
CVSS
CVE-2021-37524MEDIUM

Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php.

1 Jul 2022
6.1
CVSS
CVE-2022-28055CRITICAL

Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.

4 May 2022
9.8
CVSS
CVE-2021-43406HIGH

An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).

5 Nov 2021
8.8
CVSS
CVE-2021-43405HIGHpoc

An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).

5 Nov 2021
8.8
CVSS
CVE-2021-43404HIGH

An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.

5 Nov 2021
8.8
CVSS
CVE-2020-21057HIGH

Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php.

20 May 2021
8.1
CVSS
CVE-2020-21056MEDIUM

Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php.

20 May 2021
4.3
CVSS
CVE-2020-21055MEDIUM

A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.

20 May 2021
6.5
CVSS
CVE-2020-21054MEDIUM

Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.

20 May 2021
6.1
CVSS
CVE-2020-21053MEDIUM

Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.

20 May 2021
6.1
CVSS
CVE-2019-19388MEDIUM

A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.

29 Nov 2019
6.1
CVSS
CVE-2019-19387MEDIUM

A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter.

29 Nov 2019
6.1
CVSS
CVE-2019-19386MEDIUM

A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter.

29 Nov 2019
6.1
CVSS
CVE-2019-19385MEDIUM

A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.

29 Nov 2019
6.1
CVSS
CVE-2019-19384MEDIUM

A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter.

29 Nov 2019
6.1
CVSS
CVE-2019-19367MEDIUM

A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

27 Nov 2019
6.1
CVSS
CVE-2019-19366MEDIUM

A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.

27 Nov 2019
6.1
CVSS
CVE-2019-16977MEDIUM

In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.

23 Oct 2019
6.1
CVSS
CVE-2019-16975MEDIUM

In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

23 Oct 2019
6.1
CVSS
CVE-2019-16976MEDIUM

In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.

23 Oct 2019
6.1
CVSS
CVE-2019-16973MEDIUM

In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.

23 Oct 2019
6.1
CVSS
CVE-2019-16972MEDIUM

In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

23 Oct 2019
6.1
CVSS
CVE-2019-16971MEDIUM

In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.

23 Oct 2019
6.1
CVSS
CVE-2019-16974MEDIUM

In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

22 Oct 2019
6.1
CVSS
CVE-2019-16969MEDIUM

In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.

22 Oct 2019
6.1
CVSS
CVE-2019-16970MEDIUM

In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS.

21 Oct 2019
6.1
CVSS
CVE-2019-16968MEDIUM

An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS.

21 Oct 2019
6.1
CVSS
CVE-2019-16965HIGH

resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.

21 Oct 2019
7.2
CVSS
CVE-2019-16964HIGH

app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data.

21 Oct 2019
8.8
CVSS
CVE-2019-16991MEDIUM

In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.

21 Oct 2019
6.1
CVSS
CVE-2019-16989MEDIUM

In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.

21 Oct 2019
6.1
CVSS
CVE-2019-16988MEDIUM

In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.

21 Oct 2019
6.1
CVSS
CVE-2019-16987MEDIUM

In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.

21 Oct 2019
6.1
CVSS
CVE-2019-16986MEDIUM

In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.)

21 Oct 2019
6.5
CVSS
CVE-2019-16985MEDIUM

In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system.

21 Oct 2019
6.5
CVSS
CVE-2019-16984MEDIUM

In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS.

21 Oct 2019
6.1
CVSS
CVE-2019-16983MEDIUM

In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS.

21 Oct 2019
6.1
CVSS
CVE-2019-16982MEDIUM

In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

21 Oct 2019
6.1
CVSS
CVE-2019-16981MEDIUM

In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.

21 Oct 2019
6.1
CVSS
CVE-2019-16990MEDIUM

In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it.

21 Oct 2019
6.5
CVSS
CVE-2019-16980HIGH

In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection.

21 Oct 2019
8.8
CVSS
CVE-2019-16979MEDIUM

In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

21 Oct 2019
6.1
CVSS
CVE-2019-16978MEDIUM

In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.

21 Oct 2019
6.1
CVSS
CVE-2019-15029HIGHpoc

FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command.

6 Sep 2019
8.8
CVSS
← PrevPage 1 / 2Next →