CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49954
https://notcve.org/view.php?id=CVE-2023-49954
The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address. La integración de CRM en 3CX anterior a 18.0.9.23 y 20 anterior a 20.0.0.1494 permite la inyección SQL a través de un nombre, cadena de búsqueda o dirección de correo electrónico. • https://github.com/CVE-2023-49954/CVE-2023-49954.github.io https://cve-2023-49954.github.io • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48483
https://notcve.org/view.php?id=CVE-2022-48483
3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005. • https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88 https://www.3cx.com/blog/change-log/phone-system-change-log • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48482
https://notcve.org/view.php?id=CVE-2022-48482
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs. • https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88 https://www.3cx.com/blog/change-log/phone-system-change-log • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2022-28005
https://notcve.org/view.php?id=CVE-2022-28005
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482. Se ha detectado un problema en 3CX Phone System Management Console versiones anteriores a 18 Actualización 3 FINAL. • https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88 https://www.3cx.com/blog/change-log/phone-system-change-log https://www.3cx.com/blog/releases/v18-security-hotfix https://www.3cx.com/blog/releases/v18-update-3-final • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-45491
https://notcve.org/view.php?id=CVE-2021-45491
3CX System through 2022-03-17 stores cleartext passwords in a database. El Sistema 3CX versiones hasta 17-03-2022, almacena contraseñas en texto sin cifrar en una base de datos • http://packetstormsecurity.com/files/166386/3CX-Phone-System-Cleartext-Passwords.html https://www.3cx.com/community/forums/posts-articles-news • CWE-312: Cleartext Storage of Sensitive Information •