← Back to CVE List
CVE-2018-7654
Published:
2018-03-04T01:29Z
Last Modified:
2024-11-21T04:12Z
Source:
MITRE CVE List
License:
MITRE-CVE-TOS
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt