Authored by Kahvi-0

Mitel MiCollab AWV versions and 9.1.3 suffers from a directory traversal and local file inclusion vulnerabilities.

advisories | CVE-2020-11798

# Exploit Title: Mitel MiCollab AWV and 9.1.3 - Directory Traversal and LFI
# Date: 2022-10-14
# Fix Date: 2020-05
# Exploit Author: Kahvi-0
# Github:
# Vendor Homepage:
# Vendor Security Advisory:
# Version: before and 9.x before 9.1.3
# CVE: CVE-2020-11798
# CVE Reported By: Tri Bui


A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories