CVE-2019-11407: Infoleak
First published: Mon Jun 17 2019(Updated: )
app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fusionpbx Fusionpbx | =4.4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-11407?
CVE-2019-11407 is a vulnerability in the Operator Panel module in FusionPBX 4.4.3 that allows authenticated administrative attackers to obtain credentials and other sensitive information.
How severe is CVE-2019-11407?
CVE-2019-11407 has a severity rating of 7.2, considered high.
How can an attacker exploit CVE-2019-11407?
An attacker can exploit CVE-2019-11407 by accessing the app/operator_panel/index_inc.php page and obtaining excessive debug information, which includes credentials and sensitive data.
Which version of FusionPBX is affected by CVE-2019-11407?
CVE-2019-11407 affects FusionPBX version 4.4.3.
Is there a patch or fix available for CVE-2019-11407?
Yes, a fix for CVE-2019-11407 is available. Please refer to the official FusionPBX GitHub repository for the commit that addresses the vulnerability.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/event
- agent/type
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/fusionpbx
- canonical/fusionpbx fusionpbx
- version/fusionpbx fusionpbx/4.4.3