5 matches found
CVE-2025-1782
In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...
CVE-2025-1782
In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...
CVE-2025-1782
creationtimestamp| type| source ---|---|--- 2025-04-14 18:54:04+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11676 2025-04-14 19:46:18+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114338036274546789 2025-04-14 20:18:49+00:00| seen|...
CVE-2025-1782 Unsanitized input in language form field
In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...
CVE-2025-1782
CVE-2025-1782 affects HylaFAX Enterprise Web Interface and AvantFAX. The vulnerability arises from an unsanitized language form element that can be abused to include an arbitrary file in PHP code, enabling an authenticated attacker to perform actions as the web server user. The available document...