CVE-2018-7654
https://notcve.org/view.php?id=CVE-2018-7654
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.
References: http://www.rootlabs.com.br/path-traversal-in-3cx ; https://medium.com/stolabs/path-traversal-in-3cx-7421a8ffdb7a
Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-15359 – 3CX Phone System 15.5.3554.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2017-15359
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens on port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.
References: https://www.exploit-db.com/exploits/42991 ; http://seclists.org/fulldisclosure/2017/Oct/37
Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')