First published: Thu May 20 2021(Updated: )
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fusionpbx Fusionpbx | =4.5.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-21055 is a Directory Traversal vulnerability in FusionPBX 4.5.7 that allows malicious users to rename any file on the system.
A malicious user can exploit CVE-2020-21055 by manipulating the folder, filename, and newfilename variables in app\edit\filerename.php.
CVE-2020-21055 has a severity value of 6.5, indicating a medium severity.
The Common Weakness Enumeration (CWE) ID for CVE-2020-21055 is CWE-22.
To fix CVE-2020-21055, update FusionPBX to version 4.5.8 or later, which contains a fix for the vulnerability.