Metasploit modules that can be used to exploit Fusionpbx » Fusionpbx

Order by Disclosure Date Module Name Module Type
  • FusionPBX Operator Panel exec.php Command Execution
    Disclosure Date: 2019-06-06
    First seen: 2020-04-26
    exploit/unix/webapp/fusionpbx_operator_panel_exec_cmd_exec
    This module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The `exec.php` file within the Operator Panel permits users with `operator_panel_view` permissions, or administrator permissions, to execute arbitrary commands as the web server user by sending a `system` command to the FreeSWITCH event socket interface. This module has been tested successfully on FusionPBX version 4.4.1 on Ubuntu 19.04 (x64). Authors: - Dustin Cobb - bcoles <bcoles@gmail.com>
1 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close