CVE-2020-21055
MEDIUMFusionPBX 4.5.7 - Path Traversal via File Rename Parameters
Title source: llmDescription
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-6/
Patch, Third Party Advisory x_refsource_misc
https://github.com/fusionpbx/fusionpbx/commit/1a88ca61a744914d3336cc15a40fb3edbcde9085
Scores
CVSS v3
6.5
EPSS
0.0118
EPSS Percentile
63.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (1)
fusionpbx/fusionpbx
4.5.7
Published
May 20, 2021
Tracked Since
Feb 18, 2026