Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:6 a.m.5 views

CVE-2022-28005

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...

9.8CVSS7.4AI score0.0608EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-28005

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...

9.8CVSS7.2AI score0.0608EPSS
Exploits0References1
Prion
Prion
added 2023/05/02 5:15 a.m.28 views

Directory traversal

3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an...

5CVSS8.7AI score0.0608EPSS
Exploits0References2Affected Software1
Circl
Circl
added 2022/05/06 6:27 p.m.228 views

CVE-2022-28005

creationtimestamp| type| source ---|---|--- 2022-05-06 18:27:51+00:00| seen| https://t.me/cibsecurity/42110 2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-26 2025-01-28 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities -...

9.8CVSS7.2AI score0.0608EPSS
In wildExploits0References4
Cvelist
Cvelist
added 2022/05/06 12:0 a.m.40 views

CVE-2022-28005

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...

8.9AI score0.0608EPSS
Exploits0References4
CVE
CVE
added 2022/05/06 12:0 a.m.128 views

CVE-2022-28005

CVE-2022-28005 affects the 3CX Phone System Management Console prior to version 18 Update 3 FINAL on Windows. It allows an unauthenticated attacker to traverse the server via /Electron/download with backslash-using path components, leading to cleartext credential disclosure; a subsequent authenti...

9.8CVSS8.2AI score0.0608EPSS
In wildExploits0References4Affected Software1
Rows per page
Query Builder