Pierre Jourdan

**Nome do software vulnerável e versões afetadas: FusionPBX versão 4.5.7 Descrição: Existe uma vulnerabilidade de traversal de diretório, permitindo que usuários mal-intencionados renomeiem qualquer arquivo no sistema. Isso é possível por meio das variáveis `folder`, `filename` e `newfilename` no arquivo appeditfilerename.php. Recomendações: Para o FusionPBX versão 4.5.7, considere restringir o acesso ao arquivo appeditfilerename.php até que uma correção esteja disponível. Como solução temporária, evite usar as variáveis `folder`, `filename` e `newfilename` no arquivo afetado para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas: FusionPBX versão 4.5.7 Descrição: Existe uma vulnerabilidade de traversal de diretório, permitindo que um usuário mal-intencionado remoto crie pastas por meio da variável `folder` no arquivo “appeditfoldernew.php”. Recomendações: Para o FusionPBX versão 4.5.7, considere restringir o acesso ao endpoint “appeditfoldernew.php” até que uma correção esteja disponível. Como solução temporária, evite usar a variável `folder` no endpoint afetado para minimizar o risco de exploração.

**Nome do software vulnerável e versões afetadas: FusionPBX versão 4.5.7 Descrição: Uma vulnerabilidade de traversal de diretório permite que um usuário mal-intencionado remoto exclua pastas do sistema. Isso é feito explorando a variável `folder` no endpoint “/app/edit/folderdelete.php”. Recomendações: Para o FusionPBX versão 4.5.7, considere restringir o acesso ao endpoint “/app/edit/folderdelete.php” até que uma correção esteja disponível. Como solução temporária, evite usar a variável `folder` neste endpoint para minimizar o risco de exploração.

**Nome do software vulnerável e versões afetadas: FusionPBX versão 4.5.7 Descrição: Existe uma vulnerabilidade de Cross Site Scripting (XSS) que permite que usuários mal-intencionados remotos injetem scripts da Web ou HTML arbitrários por meio de uma variável `query string` não sanitizada no arquivo appdevicesdevice imports.php. Recomendações: Para o FusionPBX versão 4.5.7, atualize o software para uma versão que sanitize a variável `query string` ou, como solução temporária, considere restringir o acesso ao arquivo device imports.php para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas: FusionPBX versão 4.5.7 Descrição: Uma vulnerabilidade de Cross Site Scripting (XSS) permite que usuários mal-intencionados remotos injetem scripts da web ou HTML arbitrários por meio de uma variável `f` não sanitizada no arquivo appvarsvars textarea.php. Isso permite que invasores executem scripts maliciosos no navegador da vítima. Recomendações: Para o FusionPBX versão 4.5.7, como solução temporária, considere sanitizar a variável `f` no arquivo appvarsvars textarea.php para prevenir ataques XSS. Restrinja o acesso ao arquivo vars textarea.php para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** FusionPBX versions up to 4.5.7 **Description** The issue concerns the use of an unsanitized `query string` variable in the file appdestinationsdestination imports.php, which is reflected in HTML and leads to a cross-site scripting (XSS) issue. **Recommendations** For FusionPBX versions up to 4.5.7, as a temporary workaround, consider sanitizing the `query string` variable in the destination imports.php file to prevent XSS attacks.

**Name of the Vulnerable Software and Affected Versions** FusionPBX versions prior to 4.5.8 **Description** The issue concerns the use of an unsanitized `query string` variable in the file appextensionsextension imports.php, which is reflected in HTML. This leads to a cross-site scripting (XSS) issue, allowing potential attackers to inject malicious scripts into the webpage. **Recommendations** For FusionPBX versions prior to 4.5.8, update to version 4.5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the extension imports.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FusionPBX versions prior to 4.5.8 **Description** The issue concerns the use of an unsanitized `id` variable in the `contact notes.php` file, which is reflected in HTML. This leads to a cross-site scripting (XSS) issue, where an attacker can inject malicious code into the HTML of the page. **Recommendations** For FusionPBX versions prior to 4.5.8, update to version 4.5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the `contact notes.php` file or sanitizing the `id` variable to prevent XSS attacks.

**Name of the Vulnerable Software and Affected Versions** FusionPBX versions up to 4.5.7 **Description** The issue concerns the use of an unsanitized `query string` variable in the file `appcontactscontact edit.php`, which is reflected in HTML and leads to a cross-site scripting (XSS) issue. This occurs when the variable comes from the URL. **Recommendations** For FusionPBX versions up to 4.5.7, as a temporary workaround, consider sanitizing the `query string` variable in the `contact edit.php` file to prevent XSS attacks. Restrict access to the `contact edit.php` file until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** FusionPBX versions up to 4.5.7 **Description** The issue arises from the file appcontactscontact addresses.php using an unsanitized `id` variable from the URL, which is then reflected in HTML. This leads to a cross-site scripting (XSS) issue, allowing potential attackers to inject malicious scripts into the webpage. **Recommendations** For FusionPBX versions up to 4.5.7, consider updating to a version that sanitizes the `id` variable to prevent XSS attacks. As a temporary workaround, restrict access to the contact addresses.php file to minimize the risk of exploitation. Avoid using the `id` variable in the affected URL until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FusionPBX versions up to 4.5.7 **Description** The issue concerns the use of an unsanitized `contact uuid` variable in the file appmessagesmessages thread.php, which is reflected in HTML on three occasions, leading to a cross-site scripting (XSS) issue. This allows for the execution of malicious scripts in the context of the affected application. **Recommendations** For FusionPBX versions up to 4.5.7, update to a version that sanitizes the `contact uuid` variable to prevent XSS attacks. As a temporary workaround, consider restricting access to the messages thread.php file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FusionPBX versions prior to 4.5.8 **Description** The issue concerns the use of an unsanitized `id` variable from the URL in the file appconference profilesconference profile params.php. This variable is reflected in HTML on two occasions, leading to a potential XSS issue. **Recommendations** For FusionPBX versions prior to 4.5.8, update to version 4.5.8 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing the `id` variable to prevent XSS attacks. Restrict access to the conference profile params.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FusionPBX versions prior to 4.5.8 **Description** The issue concerns the use of an unsanitized `id` variable in the file appaccess controlsaccess control nodes.php, which is reflected in HTML. This leads to a cross-site scripting (XSS) issue, allowing potential attackers to inject malicious scripts into the webpage. **Recommendations** For FusionPBX versions prior to 4.5.8, update to version 4.5.8 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing the `id` variable to prevent XSS attacks. Restrict access to the access control nodes.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FusionPBX versions prior to 4.5.8 **Description** The issue concerns an XSS vulnerability in the paging function of the resourcespaging.php file. This function is called by several pages of the interface and uses an unsanitized `param` variable, which is partially constructed from URL arguments and reflected in HTML. **Recommendations** For FusionPBX versions prior to 4.5.8, update to version 4.5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the resourcespaging.php file to minimize the risk of exploitation. Avoid using the `param` variable in the affected pages until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FusionPBX versions prior to 4.5.8 **Description** The issue concerns an unsanitized `filename` variable in the `recording play.php` file, which is base64 decoded and reflected in HTML. This leads to a potential XSS issue. **Recommendations** For FusionPBX versions prior to 4.5.8, update to version 4.5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the `recording play.php` file to minimize the risk of exploitation. Avoid using the `filename` variable in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FusionPBX versions prior to 4.5.8 **Description** The issue concerns the use of an unsanitized `rec` variable in the `xml cdr delete.php` file, which allows for the deletion of any system file. This is achieved through a base64 decoded variable coming from the URL. **Recommendations** For FusionPBX versions prior to 4.5.8, update to version 4.5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the `xml cdr delete.php` file to minimize the risk of exploitation. Avoid using the `rec` variable in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FusionPBX versions prior to 4.5.8 **Description** The issue in FusionPBX allows unauthorized access to download files due to an unsanitized variable `f` coming from the URL in the file resourcesdownload.php. This enables an attacker to download any file by providing its pathname. The resourcessecure download.php file is also affected. **Recommendations** For FusionPBX versions prior to 4.5.8, update to version 4.5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the resourcesdownload.php and resourcessecure download.php files until a patch is applied. Avoid using the `f` variable in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FusionPBX versions prior to 4.5.8 **Description** The issue concerns the use of an unsanitized `query string` variable in the `contact import.php` file, which is reflected in HTML. This leads to a cross-site scripting (XSS) issue, allowing potential attackers to inject malicious scripts into the application. **Recommendations** For FusionPBX versions prior to 4.5.8, update to version 4.5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the `contact import.php` file to minimize the risk of exploitation. Avoid using the `query string` variable in the affected URL until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FusionPBX versions prior to 4.5.8 **Description** The issue concerns the use of an unsanitized `eavesdrop dest` variable in the content.php file, which is reflected in HTML and leads to a cross-site scripting (XSS) issue. This allows for potential malicious script execution. **Recommendations** For FusionPBX versions prior to 4.5.8, update to version 4.5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the content.php file in the basic operator panel resources to minimize the risk of exploitation. Avoid using the `eavesdrop dest` variable in URLs until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FusionPBX versions prior to 4.5.8 **Description** The issue concerns the use of an unsanitized variable `c` from the URL in the file appconferences activeconference interactive.php, which is reflected in HTML. This leads to a cross-site scripting (XSS) issue, allowing potential attackers to inject malicious scripts into the website. **Recommendations** For FusionPBX versions prior to 4.5.8, update to version 4.5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the conference interactive.php file until a patch is applied. Avoid using the `c` variable in the affected URL until the issue is resolved.