CVE-2021-43403
Published
CVSS v3
6.5
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory).
Official FusionPBX - A full-featured domain based multi-tenant PBX and voice switch for FreeSwitch.
GitHub