Arbitrary File Read Vulnerability in Dialogic PowerMedia XMS Administrative Console

Arbitrary File Read Vulnerability in Dialogic PowerMedia XMS Administrative Console

CVE-2018-11637 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root.

Learn more about our Web App Pen Testing.