CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-16980

In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.3%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

Products affected by CVE-2019-16980

Fusionpbx » Fusionpbx » Version: 4.0.0

cpe:2.3:a:fusionpbx:fusionpbx:4.0.0
Fusionpbx » Fusionpbx » Version: 4.2

cpe:2.3:a:fusionpbx:fusionpbx:4.2
Fusionpbx » Fusionpbx » Version: 4.2.1

cpe:2.3:a:fusionpbx:fusionpbx:4.2.1
Fusionpbx » Fusionpbx » Version: 4.2.2

cpe:2.3:a:fusionpbx:fusionpbx:4.2.2
Fusionpbx » Fusionpbx » Version: 4.4.0

cpe:2.3:a:fusionpbx:fusionpbx:4.4.0
Fusionpbx » Fusionpbx » Version: 4.4.1

cpe:2.3:a:fusionpbx:fusionpbx:4.4.1
Fusionpbx » Fusionpbx » Version: 4.4.3

cpe:2.3:a:fusionpbx:fusionpbx:4.4.3
Fusionpbx » Fusionpbx » Version: 4.4.8

cpe:2.3:a:fusionpbx:fusionpbx:4.4.8
Fusionpbx » Fusionpbx » Version: 4.5.7

cpe:2.3:a:fusionpbx:fusionpbx:4.5.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-16980

Products

Pricing

Contact Us