exploitDog

CVE-2025-2493

Опубликовано: 18 мар. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to manipulate the ‘id’ parameter of the ‘/softdial/scheduler/load.php’ endpoint to navigate beyond the intended directory. This can allow unauthorised access to sensitive files outside the expected scope, posing a security risk.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-softdial-contact-center
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sytel:softdial_contact_center:-:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00252

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-8wc3-h23m-8ggr

CVSS3: 7.5

github

11 месяцев назад

Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to manipulate the ‘id’ parameter of the ‘/softdial/scheduler/load.php’ endpoint to navigate beyond the intended directory. This can allow unauthorised access to sensitive files outside the expected scope, posing a security risk.

EPSS

Процентиль: 48%

0.00252

Низкий

7.5 High

CVSS3

Дефекты

CWE-22