Vulnerability
Description
TrixBox is a telephone system based on the open-source Asterisk PBX Software. It allows an individual or organization to set up a telephone system as well as VoIP (Voice over Internet Protocol).
rixbox 2.8.0.4 is vulnerable to directory-traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php
Recommendations
- Restrict access to TrixBox from outside or remove the application because the vendor has not patched it.
Summarize:
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 14 days
