CVE-2014-5111

Name of the Vulnerable Software and Affected Versions Fonality trixbox (affected versions not specified)

Description The issue concerns multiple directory traversal vulnerabilities. These vulnerabilities allow remote attackers to read arbitrary files by utilizing a .. (dot dot) in the lang parameter to various API endpoints, including "home/index.php", "asterisk info/asterisk info.php", "repo/repo.php", and "endpointcfg/endpointcfg.php" in the maint/modules/ directory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.