3CXPhone CVE-2018-7654 Path Traversal Vulnerability
Description
On 3CX 15.5.6354.2 devices, the parameter 'file' in the request '/api/RecordingList/download?file=' allows full access to files on the server via path traversal.
Affected Applications
3CXPhone