
Directory Listing vulnerability in issabel-pbx 4.0.0-6 exposing application sensitive files

issabel-pbx 4.0.0-6 - Directory Listing

Description: Issabel-pbx v.4.0.0-6 is vulnerable to Broken Access Control. A Directory Listing vulnerability allows any remote attacker to view sensitive files in the application's modules directory without any authorization.

Vulnerable Product Version: issabel-pbx 4.0.0-6

Date: 10/07/2023

CVE: CVE-2023-37599

CVE Author: Sahil Ojha

Vendor Homepage: https://www.issabel.org/

Software Link: https://github.com/IssabelFoundation/issabelPBX

Tested on: Windows

Steps to reproduce:

  1. Navigate to URL: https://{Issabel IP}/module. I found out that many important files of the application can be accessed directly from this directory listing.
