Lucene search

[email protected]CVE-2010-3490

HistorySep 28, 2010 - 6:00 p.m.

CVE-2010-3490

2010-09-2818:00:03

CWE-22

[email protected]

web.nvd.nist.gov

cve

2010

3490

directory traversal

freepbx

system recordings

configuration interface

remote authenticated administrators

arbitrary files

admin/config.php

web root

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.873 High

EPSS

Percentile

98.7%

JSON

Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a … (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.

Affected configurations

NVD

Node

sangomafreepbxRange≤2.8.0

CPENameOperatorVersion
sangoma:freepbxsangoma freepbxle2.8.0

CPE	Name	Operator	Version
sangoma:freepbx	sangoma freepbx	le	2.8.0

References

www.exploit-db.com/exploits/15098

www.freepbx.org/trac/ticket/4553

www.securityfocus.com/archive/1/513947/100/0/threaded

www.securityfocus.com/bid/43454

www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.873 High

EPSS

Percentile

98.7%

JSON

Related for CVE-2010-3490

packetstorm1 exploitpack1 openvas2 securityvulns2 prion1 cvelist1 nvd1 seebug1 checkpoint_advisories1 exploitdb1