Description
TrixBox is a telephone system based on the open-source Asterisk PBX Software. It allows an individual or organization to set up a telephone system as well as VoIP (Voice over Internet Protocol).
TrixBox 2.8.0.4 is vulnerable to directory traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
Recommendations
- Restrict access to TrixBox from outside or remove the application because the vendor has not patched it.
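While the application remains deployed, web server access logs can be reviewed for requests that target the two endpoints named above. The following is an added example, not part of the original advisory or of TrixBox: it assumes Apache combined-format access logs, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoints and parameters named in the advisory above.
WATCHED = {
    "/maint/modules/home/index.php": ("lang",),
    "/maint/index.php": ("xajaxargs", "xajaxargs[]"),
}
# Combined log format: client ... "METHOD target HTTP/x" status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation IPs, placeholder file name).
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/Jan/2024:10:00:00 +0000] "GET /maint/modules/home/index.php?lang=english HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /maint/modules/home/index.php?lang=..%2f..%2fexample.conf HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /maint/index.php?packages&xajaxargs[]=%252e%252e/example.conf HTTP/1.1" 401 381',
]


def is_traversal(value):
    """True if the value contains a '..' path segment or is an absolute path."""
    for _ in range(3):  # undo nested percent-encoding such as %252e
        value = unquote(value)
    value = value.replace("\\", "/")
    return ".." in value.split("/") or value.startswith("/")


def find_traversal_attempts(log_lines):
    """Return (client, path, parameter, status) for each suspicious request."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        path = unquote(url.path)
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key in WATCHED.get(path, ()) and is_traversal(value):
                hits.append((client, path, key, int(status)))
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(hit)
```

Access logs record only the request line, so parameters sent in a POST body are not covered by this check. A hit with a 200 status deserves closer review than one answered with 401.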