Intrusion Prevention

FreePBX.Framework.Hotelwakeup.Module.Directory.Traversal

Description

This indicates an attack attempt against a Directory Traversal vulnerability in FreePBX Framework.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted requests to /admin/ajax.php. A remote attacker can exploit this to download arbitrary file from the target server via a crafted request.

Affected Products

FreePBX Project hotelwakeup Module prior to 13.0.15
FreePBX Project FreePBX Framework 13.x

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.