PT-2023-18909 · Avantfax · Avantfax

Harold Rodriguez

Published

2023-03-10

Updated

2025-03-05

CVE-2023-23327

CVSS v3.1

4.9

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions AvantFAX version 3.3.7

Description An Information Disclosure issue exists, where backups of sent and received faxes, along with database backups, are stored on the web server without access controls, using the current date as the filename.

Recommendations For AvantFAX version 3.3.7, consider implementing access controls for the backups stored on the web server to prevent unauthorized access. As a temporary workaround, restrict access to the backup files until a more permanent solution is available.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2023-23327

Affected Products

Avantfax

PT-2023-18909 · Avantfax · Avantfax

CVE-2023-23327

Weakness Enumeration

Related Identifiers

Affected Products

References · 5