Command Injection Vulnerability in FusionPBX Call Center Queue Module

Command Injection Vulnerability in FusionPBX Call Center Queue Module

CVE-2019-16964 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data.

Learn more about our Web Application Penetration Testing UK.