| The diagnostics module in Xorcom CompletePBX 5.2.35 contains a path traversal vulnerability that allows an authenticated attacker to request arbitrary files. Instead of returning the file content directly, the module packages the file into a ZIP archive. In an unexpected twist, once the file is included in the ZIP archive, the server automatically deletes it from the system. This creates a dual-risk scenario , an attacker gains sensitive information while simultaneously causing data loss on the target. |
