Vulnerability Description
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netfortris | Trixbox | 2.8.0.4 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/162853/Trixbox-2.8.0.4-Path-Traversal.html (Exploit, Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/103007 (Third Party Advisory, VDB Entry)
- https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14537-Exploit (Exploit, Third Party Advisory)
- https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversa (Exploit, Third Party Advisory)
FAQ
What is CVE-2017-14537?
CVE-2017-14537 is a vulnerability with a CVSS score of 6.5 (MEDIUM). trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
How severe is CVE-2017-14537?
CVE-2017-14537 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-14537?
Check the references section above for vendor advisories and patch information. Affected products include: Netfortris Trixbox.