On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.
References
Link | Resource |
---|---|
http://www.rootlabs.com.br/path-traversal-in-3cx/ | Third Party Advisory |
https://medium.com/stolabs/path-traversal-in-3cx-7421a8ffdb7a | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:21:49
Updated: 2022-10-03T16:21:49
Reserved: 2022-10-03T00:00:00
Link: CVE-2018-7654
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-03-04T01:29:00.487
Modified: 2018-03-28T22:00:29.987
Link: CVE-2018-7654
JSON object: View
Redhat Information
No data.
CWE