2 matches found
CVE-2021-37440
NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring...
CVE-2021-37440
NCH Axon PBX v2.22 and earlier are affected by a path traversal vulnerability in the logprop function, where a request parameter logprop?file=/.. can disclose arbitrary files. This is a file disclosure vulnerability caused by improper handling of the dot-dot sequence and is cataloged as CVE-2021-...