Description
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Trustwave's SpiderLabs · text · webapps · php
https://www.exploit-db.com/exploits/15098
References (5)
Core References
Various Sources · x_refsource_misc
https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt
Third Party Advisory, VDB Entry · mailing-list · x_refsource_bugtraq
http://www.securityfocus.com/archive/1/513947/100/0/threaded
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_bid
http://www.securityfocus.com/bid/43454
Various Sources · x_refsource_misc
http://www.freepbx.org/trac/ticket/4553
Exploit, Third Party Advisory · exploit · x_refsource_exploit-db
http://www.exploit-db.com/exploits/15098
Scores
EPSS
0.0897
EPSS Percentile
92.6%
Details
CWE
CWE-22
Status
published
Products (1)
sangoma/freepbx
< 2.8.0
Published
Sep 28, 2010
Tracked Since
Feb 18, 2026