
Directory Listing vulnerability in issabel-pbx 4.0.0-6 exposing application sensitive files


sahiloj/CVE-2023-37599


issabel-pbx 4.0.0-6 - Directory Listing

Description: Issabel-pbx v.4.0.0-6 is vulnerable to Broken Access Control. The Directory Listing vulnerability allows any remote attacker to view the application's sensitive files within the modules directory of the application without any authorization.

Vulnerable Product Version: issabel-pbx 4.0.0-6

Date: 10/07/2023

CVE: CVE-2023-37599

CVE Author: Sahil Ojha

Vendor Homepage: https://www.issabel.org/

Software Link: https://github.com/IssabelFoundation/issabelPBX

Tested on: Windows

Steps to reproduce:

  1. Navigate to URL: https://{Issabel IP}/module. I found out that many important files of the application can be accessed directly from this directory listing.
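To confirm on your own installation whether the path from step 1 still returns an auto-generated index after hardening, the response can be classified as shown below. This is an added example, not code from this repository or from Issabel; the function name, the "Index of" marker (the heading that Apache httpd and nginx auto-index pages emit) and both sample bodies are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Title/heading text emitted by common auto-index generators (assumption:
# the server uses the stock Apache httpd or nginx listing template).
INDEX_MARKER = re.compile(r"<(title|h1)>\s*Index of\s+/", re.IGNORECASE)


class _LinkCollector(HTMLParser):
    """Collect href values from anchor tags in a listing page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def listing_entries(status, body):
    """Return the entries of an auto-generated index page, or None when the
    response is not a directory listing (listing disabled or access denied)."""
    if status != 200 or not INDEX_MARKER.search(body):
        return None
    parser = _LinkCollector()
    parser.feed(body)
    # Drop column-sort links (?C=N;O=D) and the parent-directory link.
    return [h for h in parser.hrefs
            if not h.startswith("?") and h not in ("../", "/")]


# Constructed sample responses (not captured from a real Issabel host).
EXPOSED = """<html><head><title>Index of /module</title></head><body>
<h1>Index of /module</h1><pre>
<a href="?C=N;O=D">Name</a>
<a href="/">Parent Directory</a>
<a href="example_a/">example_a/</a>
<a href="example_b/">example_b/</a>
</pre></body></html>"""
HARDENED = ("<html><head><title>403 Forbidden</title></head>"
            "<body><h1>Forbidden</h1></body></html>")

if __name__ == "__main__":
    print("before:", listing_entries(200, EXPOSED))
    print("after: ", listing_entries(403, HARDENED))
```

A `None` result for the directory path means the listing is no longer served. If the host serves the application through Apache httpd (an assumption; the page does not name the web server), `Options -Indexes` on the affected directory disables auto-generated listings.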

