Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Xorcom CompletePBX <= 5.2.35 Authenticated Path Traversal & File Deletion
Vulnerability Description
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Xorcom CompletePBX 路径遍历漏洞
Vulnerability Description
Xorcom CompletePBX是以色列Xorcom公司的一款基于 Asterisk 的企业级 IP 电话系统。 Xorcom CompletePBX 5.2.35及之前版本存在路径遍历漏洞,该漏洞源于诊断报告模块中的路径遍历,可能导致读取任意文件并删除预期报告中的文件。
CVSS Information
N/A
Vulnerability Type
N/A