2 matches found
CVE-2019-13176
An issue was discovered in the 3CX Phone system web management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF reading local files, outbound HTTP, and outbound DNS...
CVE-2019-13176
The CVE-2019-13176 issue affects the 3CX Phone System web management console (versions 12.5.44178.1002 through 12.5 SP2). The vulnerable component is Content.MainForm.wgx, which is susceptible to XML External Entity (XXE) processing when a crafted XML document is placed in POST data. This may ena...