An issue exists in FusionPBX prior to 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fusionpbx fusionpbx |