3 matches found
CVE-2021-43403
creationtimestamp| type| source ---|---|--- 2022-09-29 07:47:49+00:00| seen| https://t.me/cibsecurity/50681...
CVE-2021-43403
An issue was discovered in FusionPBX before 4.5.30. The logviewer.php Log View page allows an authenticated user to choose an arbitrary filename for download i.e., not necessarily freeswitch.log in the intended directory...
CVE-2021-43403
FusionPBX before 4.5.30 is affected by a vulnerability in log_viewer.php that lets an authenticated user specify an arbitrary filename for download (not restricted to freeswitch.log in the intended directory). Root cause: improper validation/restriction on downloadable file paths via the log view...