CVE-2025-52207 Information

Description

PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory.

Reference

https://github.com/mikopbx/Core/commit/3ee785429d3f1b33c9ab387ef4221127c9b8c5f3 https://www.mikopbx.com/

Related CNNVD

CNNVD-202506-3589 (Published: 2025-06-27)