2 matches found
CVE-2026-9587 Authenticated Local File Inclusion (LFI) in Switchvox SMB Web Portal
An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The playfile functionality accepts user-controlled input through the soundpath parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying...
CVE-2026-9587
CVE-2026-9587 describes an authenticated local file inclusion in Sangoma Switchvox SMB Edition 8.3 (104997). The issue resides in the play_file function where the sound_path input is not properly validated, allowing an attacker to supply absolute paths to read files outside the intended directory...