VYPR
Medium severity6.5NVD Advisory· Published Mar 4, 2018· Updated Jun 17, 2026

CVE-2018-7654

CVE-2018-7654

Description

On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.

CVE-2018-7654 · Medium · VYPR