5 matches found
CVE-2019-16985
In FusionPBX up to v4.5.7, the file app\xmlcdr\xmlcdrdelete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system...
CVE-2019-16985
In FusionPBX up to v4.5.7, the file app\xmlcdr\xmlcdrdelete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system...
CVE-2019-16985
In FusionPBX up to v4.5.7, the file app\xmlcdr\xmlcdrdelete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system...
CVE-2019-16985
In FusionPBX up to v4.5.7, the file app\xmlcdr\xmlcdrdelete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system...
CVE-2019-16985
FusionPBX contains a path traversal/file-deletion vulnerability in versions up to 4.5.7. The file app\xml_cdr\xml_cdr_delete.php uses an unsanitized URL parameter rec, which is base64 decoded and can cause deletion of arbitrary system files. Reported impact is arbitrary file deletion; remediation...