3 matches found
CVE-2025-52207
PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory...
CVE-2025-52207
PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory...
CVE-2025-52207
Summary: CVE-2025-52207 affects MikoPBX (MikoPBX/core) up to version 2024.1.114, where PBXCoreREST/Controllers/Files/PostController.php permits uploading a PHP script to an arbitrary directory. Impact (as stated): authenticated users can upload and execute arbitrary PHP, enabling remote code exec...