Shodan
Vulnerabilities
Vulnerable Software
Fusionpbx:  >> Fusionpbx  Security Vulnerabilities
CVE-2024-24539
FusionPBX before 5.2.0 does not validate a session.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-03-18
CVE-2024-23387
FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-01-19
CVE-2021-43403
An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory).
CVSS Score
6.5
EPSS Score
0.004
Published
2022-09-29
CVE-2022-35153
FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-08-18
CVE-2021-37524
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php.
CVSS Score
6.1
EPSS Score
0.009
Published
2022-07-01
CVE-2022-28055
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.
CVSS Score
9.8
EPSS Score
0.064
Published
2022-05-04
CVE-2021-43404
An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-11-05
CVE-2021-43405
An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).
CVSS Score
8.8
EPSS Score
0.112
Published
2021-11-05
CVE-2021-43406
An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).
CVSS Score
8.8
EPSS Score
0.004
Published
2021-11-05
CVE-2020-21054
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-05-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved