CVE-2022-29330 - vulnerability in VitalPBX < 3.2.1

Corinne HENIN & Thibaut HENIN

As we were playing around quietly configuring our VitalPBX server, we discovered a vulnerability that was relatively easy to implement and gave us access to data we should not be able to read freely (i.e. passwords extensions, but not only). Here's how it works... and why you should update your version.

Read more