Main
Vulnerability Database
Exploits
ID:5920 - Exploit for Command Injection in FusionPBX - CVE-2019-11409
ID:5920 - Exploit for Command Injection in FusionPBX - CVE-2019-11409
Published: June 17, 2021
Vulnerability identifier: #VU22290
Vulnerability risk: High
CVE-ID: CVE-2019-11409
CWE-ID: CWE-77
Exploitation vector: Remote access
Vulnerable software:
FusionPBX
FusionPBX
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The
vulnerability exists due to a lack of input validation in the "exec.php" component in the Operator Panel module. A remote authenticated attacker can execute arbitrary commands on the host.
Remediation
Install updates from vendor's website.