Security Advisory

CVE-2006-2021

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-04-25 20:00:00

Last updated 2024-08-07 17:35:31

Assigner mitre

State PUBLISHED

Description

Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter. NOTE: this issue can also be used to determine existence of files.

← Browse all CVEs View on cve.org ↗