
CVE-2023-37599: GitHub - sahiloj/CVE-2023-37599: Directory Listing vulnerability in issabel-pbx 4.0.0-6 exposing application sensitive files

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory.


issabel-pbx 4.0.0-6 - Directory Listing

Description: Issabel-pbx v.4.0.0-6 is vulnerable to Broken Access Control. The Directory Listing vulnerability allows any remote attacker to view the application’s sensitive files within the modules directory of the application without any authorization.

Vulnerable Product Version: issabel-pbx 4.0.0-6

Date: 10/07/2023

CVE: CVE-2023-37599

CVE Author: Sahil Ojha

Vendor Homepage: https://www.issabel.org/

Software Link: https://github.com/IssabelFoundation/issabelPBX

Tested on: Windows

Steps to reproduce:

  1. Navigate to URL: https://{Issabel IP}/module. I found out that many important files of the application can be accessed directly from this directory listing.
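
For operators verifying their own Issabel host before and after restricting the modules directory, this added example (not code from the advisory or the Issabel project) classifies captured HTTP responses as auto-generated directory indexes and reports what each one exposes. It assumes the "Index of /" page signature used by Apache- and nginx-style auto-indexing; the `/modules/` path, response bodies and file names are constructed placeholders.

```python
import re
from html.parser import HTMLParser

class ListingParser(HTMLParser):
    """Collects <title>/<h1> text and every link target in an HTML body."""
    def __init__(self):
        super().__init__()
        self.current, self.headings, self.hrefs = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag in ("title", "h1"):
            self.current = tag
        elif tag == "a" and dict(attrs).get("href"):
            self.hrefs.append(dict(attrs)["href"])

    def handle_endtag(self, tag):
        if tag == self.current:
            self.current = None

    def handle_data(self, data):
        if self.current:
            self.headings.append(data.strip())

def listed_entries(status, body):
    """Return the entries an auto-generated index exposes, or [] if none."""
    if status != 200:
        return []
    parser = ListingParser()
    parser.feed(body)
    if not any(re.match(r"Index of /", h) for h in parser.headings):
        return []
    # Drop column-sort links (?C=N;O=D) and parent-directory links.
    return [h for h in parser.hrefs if not h.startswith(("?", "/", "../"))]

def audit(responses):
    """Map each path that still serves a listing to the entries it exposes."""
    found = {path: listed_entries(status, body) for path, status, body in responses}
    return {path: entries for path, entries in found.items() if entries}

# Constructed sample responses (file names are placeholders, not Issabel files).
APACHE_INDEX = """<html><head><title>Index of /modules</title></head><body>
<h1>Index of /modules</h1><table>
<tr><th><a href="?C=N;O=D">Name</a></th></tr>
<tr><td><a href="/">Parent Directory</a></td></tr>
<tr><td><a href="example_module/">example_module/</a></td></tr>
<tr><td><a href="settings.sample.conf">settings.sample.conf</a></td></tr>
</table></body></html>"""
FORBIDDEN = "<html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1></body></html>"
BEFORE = [("/modules/", 200, APACHE_INDEX)]   # listing enabled
AFTER = [("/modules/", 403, FORBIDDEN)]       # listing disabled
```

An empty result from `audit` on the post-change captures is the condition to assert in a regression check; a directory that serves an index with no entries is also reported as clean, so pair this with a status-code check.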
