Fusionpbx

By the Year

In 2024 there has been 1 vulnerability in Fusionpbx with an average score of 4.8 out of ten. Fusionpbx did not have any published security vulnerabilities last year. That is, 1 more vulnerability has already been reported in 2024 as compared to last year.

Year   Vulnerabilities   Average Score
2024   1                 4.80
2023   0                 0.00
2022   4                 8.05
2021   8                 7.19
2020   0                 0.00
2019   38                6.50
2018   0                 0.00

It may take a day or so for new Fusionpbx vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Fusionpbx Security Vulnerabilities

FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability

CVE-2024-23387 4.8 - Medium - January 19, 2024

FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.

XSS

An issue was discovered in FusionPBX before 4.5.30

CVE-2021-43403 6.5 - Medium - September 29, 2022

An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory).

FusionPBX 5.0.1 was discovered to contain a command injection vulnerability

CVE-2022-35153 9.8 - Critical - August 18, 2022

FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.

Output Sanitization

Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26

CVE-2021-37524 6.1 - Medium - July 01, 2022

Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php.

XSS

Fusionpbx v4.4 and below contains a command injection vulnerability

CVE-2022-28055 9.8 - Critical - May 04, 2022

Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.

Shell injection

An issue was discovered in FusionPBX before 4.5.30

CVE-2021-43405 8.8 - High - November 05, 2021

An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).

An issue was discovered in FusionPBX before 4.5.30

CVE-2021-43404 8.8 - High - November 05, 2021

An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.

An issue was discovered in FusionPBX before 4.5.30

CVE-2021-43406 8.8 - High - November 05, 2021

An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).

Improper Input Validation

Directory Traversal vulnerability exists in FusionPBX 4.5.7, which

CVE-2020-21056 4.3 - Medium - May 20, 2021

Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variable to app\edit\foldernew.php.

Directory traversal

Directory Traversal vulnerability in FusionPBX 4.5.7, which

CVE-2020-21057 8.1 - High - May 20, 2021

Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php.

Directory traversal

A Directory Traversal vulnerability exists in FusionPBX 4.5.7

CVE-2020-21055 6.5 - Medium - May 20, 2021

A Directory Traversal vulnerability exists in FusionPBX 4.5.7 that allows malicious users to rename any file of the system via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.

Directory traversal

Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7

CVE-2020-21054 6.1 - Medium - May 20, 2021

Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.

XSS

Cross Site Scripting (XSS) vulnerability exists in FusionPBX 4.5.7

CVE-2020-21053 6.1 - Medium - May 20, 2021

Cross Site Scripting (XSS) vulnerability exists in FusionPBX 4.5.7 that allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.

XSS

A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1

CVE-2019-19386 6.1 - Medium - November 29, 2019

A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter.

XSS

A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1

CVE-2019-19387 6.1 - Medium - November 29, 2019

A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter.

XSS

A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1

CVE-2019-19388 6.1 - Medium - November 29, 2019

A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.

XSS

A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1

CVE-2019-19385 6.1 - Medium - November 29, 2019

A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.

XSS

A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1

CVE-2019-19384 6.1 - Medium - November 29, 2019

A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter.

XSS

A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1

CVE-2019-19366 6.1 - Medium - November 27, 2019

A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.

XSS

A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1

CVE-2019-19367 6.1 - Medium - November 27, 2019

A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

XSS

In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming

CVE-2019-16977 6.1 - Medium - October 23, 2019

In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.

XSS

In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming

CVE-2019-16975 6.1 - Medium - October 23, 2019

In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

XSS

In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming

CVE-2019-16976 6.1 - Medium - October 23, 2019

In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.

XSS

In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming

CVE-2019-16973 6.1 - Medium - October 22, 2019

In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.

XSS

In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming

CVE-2019-16972 6.1 - Medium - October 22, 2019

In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

XSS

In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming

CVE-2019-16971 6.1 - Medium - October 22, 2019

In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.

XSS

In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming

CVE-2019-16974 6.1 - Medium - October 21, 2019

In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

XSS

In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming

CVE-2019-16969 6.1 - Medium - October 21, 2019

In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.

XSS

In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming

CVE-2019-16970 6.1 - Medium - October 21, 2019

In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS.

XSS

An issue was discovered in FusionPBX up to 4.5.7

CVE-2019-16968 6.1 - Medium - October 21, 2019

An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS.

XSS

resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which

CVE-2019-16965 7.2 - High - October 21, 2019

resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.

Shell injection

app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which

CVE-2019-16964 8.8 - High - October 21, 2019

app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data.

Shell injection

In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and

CVE-2019-16986 6.5 - Medium - October 21, 2019

In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.)

Directory traversal

In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming

CVE-2019-16991 6.1 - Medium - October 21, 2019

In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.

XSS

In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming

CVE-2019-16989 6.1 - Medium - October 21, 2019

In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.

XSS

In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming

CVE-2019-16988 6.1 - Medium - October 21, 2019

In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.

XSS

In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming

CVE-2019-16987 6.1 - Medium - October 21, 2019

In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.

XSS

In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and

CVE-2019-16985 6.5 - Medium - October 21, 2019

In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system.

Directory traversal

In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming

CVE-2019-16984 6.1 - Medium - October 21, 2019

In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS.

XSS

In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially

CVE-2019-16983 6.1 - Medium - October 21, 2019

In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS.

XSS

In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized "id" variable coming

CVE-2019-16982 6.1 - Medium - October 21, 2019

In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

XSS

In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming

CVE-2019-16981 6.1 - Medium - October 21, 2019

In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.

XSS

In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and

CVE-2019-16990 6.5 - Medium - October 21, 2019

In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it.

Directory traversal

In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming

CVE-2019-16978 6.1 - Medium - October 21, 2019

In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.

XSS

In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming

CVE-2019-16979 6.1 - Medium - October 21, 2019

In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

XSS

In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming

CVE-2019-16980 8.8 - High - October 21, 2019

In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection.

SQL Injection

FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (

CVE-2019-15029 8.8 - High - September 05, 2019

FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command.

Shell injection

app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which

CVE-2019-11410 7.2 - High - June 17, 2019

app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host.

Shell injection

app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation

CVE-2019-11409 8.8 - High - June 17, 2019

app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module.

Shell injection

app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which

CVE-2019-11407 7.2 - High - June 17, 2019

app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information.

Information Disclosure

XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3

CVE-2019-11408 6.1 - Medium - June 17, 2019

XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining this vulnerability with a command injection vulnerability also present in FusionPBX.

XSS
