CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-7654

On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.0%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

http://www.rootlabs.com.br/path-traversal-in-3cx/
https://medium.com/stolabs/path-traversal-in-3cx-7421a8ffdb7a
http://www.rootlabs.com.br/path-traversal-in-3cx/
https://medium.com/stolabs/path-traversal-in-3cx-7421a8ffdb7a

Products affected by CVE-2018-7654

3cx » 3cx » Version: 15.5.6354.2

cpe:2.3:a:3cx:3cx:15.5.6354.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-7654

Products

Pricing

Contact Us