PT-2023-18909 · Avantfax · Avantfax
Harold Rodriguez
·
Publicado
2023-03-10
·
Atualizado
2025-03-05
·
CVE-2023-23327
CVSS v3.1
4.9
Média
| Vetor | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
AvantFAX version 3.3.7
Description
An Information Disclosure issue exists, where backups of sent and received faxes, along with database backups, are stored on the web server without access controls, using the current date as the filename.
Recommendations
For AvantFAX version 3.3.7, consider implementing access controls for the backups stored on the web server to prevent unauthorized access. As a temporary workaround, restrict access to the backup files until a more permanent solution is available.
Exploit
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Avantfax