Zenitel AlphaWeb XE Directory Traversal Vulnerability

Vulnerability

A directory traversal vulnerability has been identified in Zenitel AlphaWeb XE version 11.2.3.10, specifically within the component '/php/script_uploads.php'. This issue allows authenticated attackers to access sensitive files on the server.

Impact

Exploitation of this vulnerability leads to unauthorized access to the '/etc/passwd' and '/etc/shadow' files, which contain user account information and password hashes, respectively.

Reproduction

To reproduce this vulnerability, authenticate to the Zenitel AlphaWeb XE web application version 11.2.3.10 (the default credentials are 'admin' for the username and 'alphaadmin' for the password). After logging in, request the vulnerable script upload URL with the 'action' parameter set to 'get_file' and the 'file' parameter set to a path that traverses the directory tree to sensitive files such as '/etc/passwd' or '/etc/shadow'.
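
To check whether this request pattern has already been seen, web server access logs can be searched for 'get_file' requests to the component whose 'file' value leaves the intended directory. The Python below is an added example, not part of the original advisory or of Zenitel's code; it assumes a combined-format access log with the parameters in the query string, and the log lines are constructed samples.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

VULN_PATH = "/php/script_uploads.php"        # component named in the advisory
SENSITIVE = {"/etc/passwd", "/etc/shadow"}   # files named in the advisory
# Assumption: combined access-log layout; not confirmed for this product.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jun/2025:19:40:01 +0000] "GET /php/script_uploads.php?action=get_file&file=startup.txt HTTP/1.1" 200 512',
    '192.0.2.44 - - [09/Jun/2025:19:41:12 +0000] "GET /php/script_uploads.php?action=get_file&file=../../../etc/passwd HTTP/1.1" 200 1432',
    '192.0.2.44 - - [09/Jun/2025:19:41:15 +0000] "GET /php/script_uploads.php?action=get_file&file=..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 0',
    '192.0.2.10 - - [09/Jun/2025:19:42:30 +0000] "GET /index.php HTTP/1.1" 200 2048',
]

def classify(line):
    """Return a finding dict for a traversal-style get_file request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["uri"])
    if unquote(parts.path).lower() != VULN_PATH:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    if "get_file" not in params.get("action", []):
        return None
    for raw in params.get("file", []):
        name = raw.replace("\\", "/")
        if ".." in name.split("/") or name.startswith("/"):
            # Heuristic: resolve as if rooted at "/" to see which file is targeted.
            resolved = posixpath.normpath("/" + name.lstrip("/"))
            served = m["status"] == "200" and resolved in SENSITIVE
            return {"ip": m["ip"], "file": raw, "resolved": resolved,
                    "severity": "high" if served else "medium"}
    return None

def scan(lines):
    """Collect findings from an iterable of access-log lines."""
    return [finding for finding in map(classify, lines) if finding]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "high" finding means a file named in the advisory was requested and the server answered 200, so the password hashes on that host should be treated as disclosed; "medium" marks an attempt that was not served or that targeted another path.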

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.3
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.7
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.