CVE-2019-15029

FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command.
Configurations

Configuration 1

cpe:2.3:a:fusionpbx:fusionpbx:4.4.8:*:*:*:*:*:*:*

Information

Published : 2019-09-05 09:15

Updated : 2020-08-24 05:37


NVD link : CVE-2019-15029

Mitre link : CVE-2019-15029

Products Affected
No products.
CWE