-
FusionPBX Operator Panel exec.php Command Execution
Disclosure Date: 2019-06-06First seen: 2020-04-26exploit/unix/webapp/fusionpbx_operator_panel_exec_cmd_execThis module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The `exec.php` file within the Operator Panel permits users with `operator_panel_view` permissions, or administrator permissions, to execute arbitrary commands as the web server user by sending a `system` command to the FreeSWITCH event socket interface. This module has been tested successfully on FusionPBX version 4.4.1 on Ubuntu 19.04 (x64). Authors: - Dustin Cobb - bcoles <bcoles@gmail.com>
1 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details