In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fusionpbx fusionpbx |