Medium severity6.5NVD Advisory· Published Mar 4, 2018· Updated Jun 17, 2026
CVE-2018-7654
CVE-2018-7654
Description
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.
Patches
Vulnerability mechanics
References
2- www.rootlabs.com.br/path-traversal-in-3cx/nvdThird Party Advisory
- medium.com/stolabs/path-traversal-in-3cx-7421a8ffdb7anvdThird Party Advisory
News mentions
0No linked articles in our index yet.