4 matches found
Relative Path Traversal
Overview: mikopbx/core is a free PBX system for SMB based on Asterisk. Affected versions of this package are vulnerable to Relative Path Traversal via the PostController.php process. An attacker can execute arbitrary code and access sensitive files by uploading a crafted PHP script to an arbitrary...
PT-2025-27246 · Mikopbx · Mikopbx
Name of the Vulnerable Software and Affected Versions: MikoPBX versions through 2024.1.114 Description: The issue allows uploading a PHP script to an arbitrary directory due to a problem in the PBXCoreREST/Controllers/Files/PostController.php file. Recommendations: For MikoPBX versions through...
CVE-2025-52207
Summary: CVE-2025-52207 affects MikoPBX (MikoPBX/core) up to version 2024.1.114, where PBXCoreREST/Controllers/Files/PostController.php permits uploading a PHP script to an arbitrary directory. Impact (as stated): authenticated users can upload and execute arbitrary PHP, enabling remote code exec...
CVE-2019-11362
The CVE-2019-11362 entry describes an SQL injection in ROCBOSS V2.2.1, arising from unsafely handling the Post:doReward score parameter in app/controllers/frontend/PostController.php. The vulnerability is demonstrated via the /do/reward/3 URI. Connected documents confirm the same description acro...