cve/CVE-2018-7654.md at cbf63c63bee59799167d7088e0b200db2d97e4ca

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-30 04:49:42 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

643 B

Raw Blame History

CVE-2018-7654

Description

On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.

POC

Reference

https://medium.com/stolabs/path-traversal-in-3cx-7421a8ffdb7a

Github

No PoCs found on GitHub currently.

643 B Raw Blame History

CVE-2018-7654

Description

POC

Reference

Github

643 B

Raw Blame History