RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX which allows users with the "sub-admin" privilege to access any files on the PBX's file system. Versions 8.0B and below are affected.
d996a18ccf6aeaf710400d44518247e46de43b267d135f9213bec807dc59597d