Zenitel AlphaWeb XE Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in Zenitel AlphaWeb XE version 11.2.3.10. The issue arises in the amc_uploads.php component, allowing authenticated users to access sensitive files on the server.

Impact

Exploitation of this vulnerability leads to unauthorized access to local files, including sensitive information such as password hashes from the /etc/shadow file.

Reproduction

To reproduce this vulnerability, authenticate to the Zenitel AlphaWeb XE web application version 11.2.3.10 using the default credentials (username: 'admin', password: 'alphaadmin'). After logging in, navigate to the amc_uploads.php component with the 'action=readlog' parameter and specify a file path such as '/etc/passwd' or '/etc/shadow' to access the contents of these files.
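
A defensive check for the request pattern described above, as an added example that is not part of the original advisory: it scans web access logs for amc_uploads.php requests with action=readlog whose parameters carry a file path. The advisory does not name the parameter that holds the path, so every parameter is inspected; `PARAM`, the sample log lines and the path heuristics are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Files named in the advisory.
SENSITIVE = ("/etc/passwd", "/etc/shadow")

# Constructed sample entries; PARAM is a placeholder, not the real parameter name.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jun/2025:19:40:01 +0000] "GET /amc_uploads.php?action=readlog&PARAM=%2Fetc%2Fshadow HTTP/1.1" 200 1432',
    '192.0.2.10 - - [09/Jun/2025:19:40:05 +0000] "GET /amc_uploads.php?action=readlog&PARAM=/etc/passwd HTTP/1.1" 200 987',
    '192.0.2.22 - - [09/Jun/2025:19:41:00 +0000] "GET /amc_uploads.php?action=readlog&PARAM=amc.log HTTP/1.1" 200 5120',
    '192.0.2.22 - - [09/Jun/2025:19:41:09 +0000] "GET /index.php?action=readlog&PARAM=/etc/passwd HTTP/1.1" 404 0',
]

def suspicious_value(value):
    """Return a reason if a decoded query value looks like an arbitrary file path."""
    if any(s in value for s in SENSITIVE):
        return "sensitive file"
    if "../" in value or "..\\" in value:
        return "directory traversal"
    if value.startswith("/"):
        return "absolute path"  # assumed heuristic: log names should be relative
    return None

def scan(lines):
    """Return (line_no, parameter, decoded_value, reason) for each suspect request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/amc_uploads.php"):
            continue
        params = parse_qsl(url.query, keep_blank_values=True)  # percent-decodes
        if ("action", "readlog") not in [(k.lower(), v.lower()) for k, v in params]:
            continue
        for key, value in params:
            reason = suspicious_value(value)
            if key.lower() != "action" and reason:
                findings.append((n, key, value, reason))
    return findings

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the query string, so parameters sent in a POST body need request-body logging or a reverse proxy to be visible to this check.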

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.3
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.7
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.