Описание
resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.5.7 (включая)
cpe:2.3:a:fusionpbx:fusionpbx:*:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.02731
Низкий
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.
EPSS
Процентиль: 86%
0.02731
Низкий
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78