trixbox 2.8.0 - directory-traversal

Published on
10 Jan 2022


TrixBox is a telephone system based on the open-source Asterisk PBX Software. It allows an individual or organization to set up a telephone system as well as VoIP (Voice over Internet Protocol).

rixbox is vulnerable to directory-traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php


  • Restrict access to TrixBox from outside or remove the application because the vendor has not patched it.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment