CVE-2025-52207

Summary

PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory.

Affected Software

VendorProductVersion RangeStatus
MIKOMikoPBX0 <= 2024.1.114affected

Weaknesses

  • CWE-23: CWE-23 Relative Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References