3CXPhone CVE-2018-7654 Path Traversal Vulnerability

description-logoDescription

On 3CX 15.5.6354.2 devices, the parameter 'file' in the request '/api/RecordingList/download?file=' allows full access to files on the server via path traversal.

affected-products-logoAffected Applications

3CXPhone

CVE References

CVE-2019-14935 CVE-2018-7654