← back
CVE-2019-15029

CVE-2019-15029

28Vexday Risk Score

No sign of exploitation. It has a public proof of concept.

ssvc Attendepss 12%
from disclosure to weapon0 days
Published on NVDSep 5
1st PoCAug 24
exploitation probability
12%top 4% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.