5 matches found
CVE-2019-16986
In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. resources\securedownload.php is also affected...
CVE-2019-16986
In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. resources\securedownload.php is also affected...
CVE-2019-16986
In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. resources\securedownload.php is also affected...
CVE-2019-16986
In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. resources\securedownload.php is also affected...
CVE-2019-16986
FusionPBX exposes a path-traversal/download flaw in resource files. Up to v4.5.7, the unsanitized URL parameter f in resources/download.php (and in resources/secure_download.php) lets an attacker download arbitrary files. Affected versions: FusionPBX