3cx Security Vulnerabilities and Issues — 3cx CVE List

Lucene search

3cx3cx

4 matches found

CVE•added 2023/03/30 5:15 p.m.•287 views

CVE-2023-29059

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX Desktop...

7.8CVSS7.7AI score0.00305EPSS

CVE•added 2023/05/02 5:15 a.m.•178 views

CVE-2022-48483

3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an inc...

7.5CVSS8.7AI score0.04808EPSS

CVE•added 2023/05/02 5:15 a.m.•175 views

CVE-2022-48482

3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.

7.5CVSS8.6AI score0.00583EPSS

CVE•added 2023/12/25 8:15 a.m.•38 views

CVE-2023-49954

The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.

9.8CVSS9.7AI score0.0068EPSS