PT-2021-23831 · Fusionpbx · Fusionpbx
Published: 2021-11-05 · Updated: 2022-09-30 · CVE-2021-43403
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FusionPBX versions prior to 4.5.30
Description
An issue was discovered in the log_viewer.php Log View page: an authenticated user can choose an arbitrary filename for download, not limited to the intended directory or the freeswitch.log file.
Recommendations
For versions prior to 4.5.30, update to version 4.5.30 or later to resolve the issue. As a temporary workaround, consider restricting access to the log_viewer.php page to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Fusionpbx