What is CVE-2019-11409?

CVE-2019-11409 is a vulnerability in N/a. Published 2019-06-17.

Is CVE-2019-11409 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-11409

app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the…

EPSS: 0.865 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611 (x_refsource_MISC)
packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.h… (x_refsource_MISC)
blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities… (x_refsource_MISC)
packetstormsecurity.com/files/155344/FusionPBX-Operator-Panel-exec.php-Command-… (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-11409?: CVE-2019-11409 is a vulnerability in N/a. Published 2019-06-17.
Is CVE-2019-11409 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.