CVE-2019-15029

FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:fusionpbx:fusionpbx:4.4.8:*:*:*:*:*:*:*

Information

Published : 2019-09-05 14:15

Updated : 2020-08-24 10:37


NVD link : CVE-2019-15029

Mitre link : CVE-2019-15029


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

fusionpbx

  • fusionpbx