Lucene search
K

Issabel PBX 4.0.0-6 - Directory Listing

🗓️ 04 Jul 2026 03:00:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 31 Views

Vulnerability in Issabel PBX 4.0.0-6 allows unauthorized access to sensitive directories.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2023-37599
13 Jul 202322:15
attackerkb
Circl
CVE-2023-37599
9 Dec 202408:20
circl
CNNVD
Issabel PBX 安全漏洞
13 Jul 202300:00
cnnvd
CVE
CVE-2023-37599
13 Jul 202300:00
cve
Cvelist
CVE-2023-37599
13 Jul 202300:00
cvelist
NVD
CVE-2023-37599
13 Jul 202322:15
nvd
OpenVAS
Enabled Directory Listing/Indexing Detection (HTTP)
26 Dec 201500:00
openvas
OSV
CVE-2023-37599
13 Jul 202322:15
osv
Prion
Design/Logic Flaw
13 Jul 202322:15
prion
RedhatCVE
CVE-2023-37599
23 May 202504:04
redhatcve
Rows per page
id: CVE-2023-37599

info:
  name: Issabel PBX 4.0.0-6 - Directory Listing
  author: ritikchaddha
  severity: high
  description: |
    An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory
  impact: |
    Exploiting this vulnerability could lead to unauthorized access to sensitive directories and files, compromising the confidentiality of the system.
  remediation: |
    It is recommended to update to a patched version of issabel-pbx or apply necessary configuration changes to prevent directory listing.
  reference:
    - https://github.com/sahiloj/CVE-2023-37599
    - https://nvd.nist.gov/vuln/detail/CVE-2023-37599
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-37599
    cwe-id: CWE-668
    epss-score: 0.03009
    epss-percentile: 0.85766
    cpe: cpe:2.3:a:issabel:issabel-pbx:4.0.0-6:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: issabel
    product: issabel-pbx
    shodan-query: title:"issabel"
    fofa-query: title="issabel"
  tags: cve,cve2023,issabel,issabel-pbx,directory-listing,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/modules/'

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "Index of /modules")'
          - 'contains_any(body, "issabel", "asterisk_", "billing_")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a00473045022100cffab6d951ab325509b0a6221e54038746ac8009ca9b746f1fbd6366a70c6e9102207dfafc0875e929787a4300eaf902f9d5a7492f83dfe1e75bd9adcc4bd800ffdd:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.1High risk
Vulners AI Score7.1
CVSS 3.17.5
EPSS0.03009
SSVC
31