Unsanitized rec Variable in FusionPBX Allows Arbitrary File Deletion

CVE-2019-16985 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable taken from the URL. The value is base64-decoded and used directly as a file path, which allows deletion of any file on the system.
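The missing control is path confinement: a base64-decoded client value must be resolved to a canonical path and checked against the directory the handler is allowed to touch before any unlink. The following PHP is an added example written for this page, not FusionPBX's own code; the recordings directory, the function names and the relative-name convention are assumptions.

```php
<?php
// Added example, not FusionPBX code: confine a base64-decoded "rec"
// parameter to one recordings directory before deleting anything.
// $recordingsDir is an assumed deployment value.

function resolveRecordingPath(string $recordingsDir, string $encodedRec): ?string
{
    // Strict mode rejects input that is not well-formed base64.
    $decoded = base64_decode($encodedRec, true);
    if ($decoded === false || $decoded === '') {
        return null;
    }
    // A NUL byte would truncate the path at the filesystem layer.
    if (strpos($decoded, "\0") !== false) {
        return null;
    }
    $baseReal = realpath($recordingsDir);
    if ($baseReal === false) {
        return null;
    }
    // Treat the decoded value as a name relative to the recordings
    // directory, never as an absolute path chosen by the client.
    $candidate = realpath($baseReal . DIRECTORY_SEPARATOR . $decoded);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks, so a prefix check on the
    // canonical result is what keeps the target inside the directory.
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

function deleteRecording(string $recordingsDir, string $encodedRec): bool
{
    $path = resolveRecordingPath($recordingsDir, $encodedRec);
    if ($path === null) {
        // Reject rather than delete outside the recordings directory.
        return false;
    }
    // Any per-user ownership or permission check belongs here as well.
    return unlink($path);
}
```

Because the check runs on the canonical path after realpath(), a symlink inside the recordings directory that points elsewhere is also refused.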
