FusionPBX Path traversal 4

An authenticated user can delete any folder on the system through a specially crafted URL in FusionPBX 4.5.7.

In FusionPBX up to v4.5.7, the file app\edit\folderdelete.php uses an unsanitized “folder” variable taken from the URL as a filesystem path, which allows an authenticated user to delete any folder on the system.
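To make the bug class concrete, here is an added illustration that is not FusionPBX's own code and not the upstream fix: a hypothetical folder-delete handler written the way the advisory describes (the “folder” value from the URL goes straight to the filesystem), beside a hardened version that canonicalises the path and refuses anything outside a configured root. The `$root` directory, the `delete_tree()` helper, the parameter name and the constructed temp-directory layout are assumptions for the example.

```php
<?php
// Added illustration, not FusionPBX code: an unsanitized "folder" URL
// parameter used as a filesystem path (the pattern the advisory describes)
// next to one way of confining the delete to a configured root directory.
// $root, delete_tree() and the parameter name are assumptions for this example.

// Recursively remove a directory tree. Helper used by both variants below.
function delete_tree(string $dir): bool {
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::CHILD_FIRST
    );
    foreach ($it as $entry) {
        $entry->isDir() ? rmdir($entry->getPathname()) : unlink($entry->getPathname());
    }
    return rmdir($dir);
}

// VULNERABLE: whatever arrives in the URL is the path that gets deleted.
// folder=../../../etc or an absolute path reaches any directory the web
// server user may remove; nothing ties it to the application's own data.
function delete_folder_vulnerable(string $folder_from_url): bool {
    return is_dir($folder_from_url) && delete_tree($folder_from_url);
}

// HARDENED: resolve the requested path beneath $root and accept it only if
// the canonical result still starts with $root. realpath() collapses "..",
// repeated separators and symlinks, so a link inside the root that points
// outside is rejected as well. The root itself is never a valid target.
function resolve_within_root(string $root, string $requested): ?string {
    if (strpos($requested, "\0") !== false) {
        return null;                      // NUL would truncate the path in C-level calls
    }
    $root_real = realpath($root);
    if ($root_real === false) {
        return null;
    }
    $target = realpath($root_real . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || $target === $root_real) {
        return null;                      // nonexistent, or the root itself
    }
    $prefix = rtrim($root_real, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;                      // escaped the root via .. or a symlink
    }
    return $target;
}

function delete_folder_hardened(string $root, string $folder_from_url): bool {
    $target = resolve_within_root($root, $folder_from_url);
    return $target !== null && is_dir($target) && delete_tree($target);
}

// Demonstration on a constructed layout under the system temp directory:
//   <base>/root/recordings/old   legitimate target inside the allowed root
//   <base>/outside               what a traversal attempt tries to remove
$base    = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fpbx_demo_' . getmypid();
$root    = $base . DIRECTORY_SEPARATOR . 'root';
$outside = $base . DIRECTORY_SEPARATOR . 'outside';
mkdir($root . '/recordings/old', 0700, true);
mkdir($outside, 0700, true);

// Values an attacker or a legitimate user might put in folder=...
$attempts = ['../outside', '/etc', 'recordings/../../outside', 'recordings/old'];
foreach ($attempts as $folder) {
    $result = delete_folder_hardened($root, $folder) ? 'deleted' : 'refused';
    printf("folder=%-28s %s\n", $folder, $result);
}
printf("outside dir survived: %s\n", is_dir($outside) ? 'yes' : 'no');

delete_tree($base);   // clean up the constructed layout
```

Run it with `php` from the command line. The hardened path refuses the three traversal attempts and only removes `recordings/old`, while the sibling `outside` directory survives. Two design points worth noting: `realpath()` only succeeds for paths that exist, which is the right behaviour for a delete, and the prefix comparison must include the trailing separator so that a root of `/srv/data` does not accept `/srv/data2`. An allow-list of known subdirectory names would be stricter still and is preferable where the set of deletable folders is fixed.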


Bug ID: https://www.fusionpbx.com/app/tickets/ticket_edit.php?id=d7a37592-f07b-4aa4-92ca-5c4f7886b7c5
Fix: https://github.com/fusionpbx/fusionpbx/commit/026c3958c3c7ca6b2ff067addc991aac8f41cf11

The issue was reported by Pierre Jourdan on 13/08/2019 and fixed the same day by Mark J Crane.
