Command Injection Vulnerability in FusionPBX Backup Module

Command Injection Vulnerability in FusionPBX Backup Module

CVE-2019-11410 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host.

Learn more about our Web Application Penetration Testing UK.