CVE-2019-15029

{"id": "CVE-2019-15029", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-09-05T21:15:31.093", "references": [{"url": "https://drive.google.com/file/d/1bt08NSUaxu87LJJGdNd7LpvZ2uGauRK8/view?usp=sharing", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/mhaskar/7a6a804cd68c7fec4f9d1f5c3507900f", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://shells.systems/fusionpbx-v4-4-8-authenticated-remote-code-execution-cve-2019-15029/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command."}, {"lang": "es", "value": "FusionPBX versi\u00f3n 4.4.8 permite a un atacante ejecutar comandos arbitrarios del sistema al enviar un comando malicioso al archivo service_edit.php (que insertar\u00e1 el comando malicioso en la base de datos). Para activar el comando, es necesario llamar al archivo services.php mediante una petici\u00f3n GET con el ID del servicio seguido del par\u00e1metro a=start para ejecutar el comando almacenado."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fusionpbx:fusionpbx:4.4.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86C1F01C-B641-41B2-A268-55624D6479E5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}