Security Advisory

CVE-2010-3490

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2010-09-28 17:00:00

Last updated 2024-08-07 03:11:44

Assigner mitre

State PUBLISHED

Description

Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.

← Browse all CVEs View on cve.org ↗