Lucene search
3cx3cx
3 matches found
CVE-2022-28005
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backsl...
9.8CVSS8.2AI score0.04685EPSS
CVE-2021-45490
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.
9.1CVSS8.9AI score0.00129EPSS
CVE-2023-49954
The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.
9.8CVSS9.7AI score0.0068EPSS