FusionPBX.Fax.Server.fax_send.php.Command.Injection
Description
This indicates an attack attempt to exploit a Command Injection Vulnerability in FusionPBX.
The vulnerability is due to insufficient input validation on the fax_extension parameter. A remote, authenticated attacker could exploit this vulnerability by sending a maliciously crafted HTTP request to the server. A successful attack may result in arbitrary code execution in the context of the server process.
Affected Products
FusionPBX FusionPBX prior to 4.5.30 commit 2d2869c
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://github.com/fusionpbx/fusionpbx/commit/2d2869c1a1e874c46a8c3c5475614ce769bbbd59
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |