Описание
Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter. NOTE: this issue can also be used to determine existence of files.
Ссылки
- ExploitPatchVendor Advisory
- ExploitPatch
- Exploit
- ExploitPatchVendor Advisory
- ExploitPatch
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 2.6 (включая)
cpe:2.3:a:asteriskathome:asteriskathome:*:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00713
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter. NOTE: this issue can also be used to determine existence of files.
EPSS
Процентиль: 72%
0.00713
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other