Description
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://resp3ctblog.wordpress.com/2019/10/28/fusionpbx-path-traversal-6/
Patch, Third Party Advisory x_refsource_misc
https://github.com/fusionpbx/fusionpbx/commit/1a88ca61a744914d3336cc15a40fb3edbcde9085
Scores
CVSS v3
6.5
EPSS
0.0141
EPSS Percentile
80.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (1)
fusionpbx/fusionpbx
4.5.7
Published
May 20, 2021
Tracked Since
Feb 18, 2026