Avantfax · Avantfax · CVE-2025-1782
**Name of the Vulnerable Software and Affected Versions**
HylaFAX Enterprise Web Interface and AvantFAX (affected versions not specified)
**Description**
The language form element in HylaFAX Enterprise Web Interface and AvantFAX is not properly sanitized before being used, allowing an attacker to include an arbitrary file in the PHP code. This enables the attacker to perform any action as the web server user. The flaw requires the attacker to be authenticated with a valid user account.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.