CVE-2010-3490

medium

Description

Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.

References

https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt

http://www.securityfocus.com/bid/43454

http://www.securityfocus.com/archive/1/513947/100/0/threaded

http://www.freepbx.org/trac/ticket/4553

http://www.exploit-db.com/exploits/15098

Details

Source: Mitre, NVD

Published: 2010-09-28

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.10705