PT-2019-12295 · Fusionpbx · Fusionpbx
Dustin Cobb
·
Published
2019-06-17
·
Updated
2020-08-24
·
CVE-2019-11410
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
FusionPBX version 4.4.3
Description
The issue arises from a command injection vulnerability in the Backup Module of FusionPBX due to inadequate input validation. This allows authenticated administrative attackers to execute commands on the host.
Recommendations
For FusionPBX version 4.4.3, update to a version that includes input validation for the Backup Module to prevent command injection attacks.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fusionpbx