Published: 05/11/2021 Updated: 08/08/2023

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

An issue exists in FusionPBX prior to 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).

Vulnerable Product	Search on Vulmon	Subscribe to Product
fusionpbx fusionpbx

FusionPBX version 4529 suffers from a remote code execution vulnerability ...

Remote code execution (RCE) is a class of software security flaws/vulnerabilities. RCE vulnerabilities will allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet

📡FusionPBX-4529 Remote Code Execution RCE Authenticated📡 Remote code execution (RCE) is a class of software security flaws/vulnerabilities RCE vulnerabilities will allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet Exploit Title: FusionPBX 4529 - Remote Code Execution (RCE) (Authenticated) 📅 Date: 11/08/2021

NVD-CWE-Other https://github.com/fusionpbx/fusionpbx/commit/2d2869c1a1e874c46a8c3c5475614ce769bbbd59 http://packetstormsecurity.com/files/164795/FusionPBX-4.5.29-Remote-Code-Execution.html https://nvd.nist.gov https://github.com/armadill00/-FusionPBX-4.5.29---Remote-Code-Execution-RCE-Authenticated-https://packetstormsecurity.com/files/164795/FusionPBX-4.5.29-Remote-Code-Execution.html

CVE-2021-43405

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect