exploitDog

GHSA-2ghq-f5hx-5jwp

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.2

Описание

resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.

resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.

Ссылки

EPSS

Процентиль: 86%

0.02747

Низкий

7.2 High

CVSS3

CVE ID

Дефекты

CWE-78

Связанные уязвимости

CVE-2019-16965

CVSS3: 7.2

nvd

больше 6 лет назад

resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.

EPSS

Процентиль: 86%

0.02747

Низкий

7.2 High

CVSS3

CVE ID

Дефекты

CWE-78