3CX 18.0.2.315

CPE Details

3CX 18.0.2.315
3cx
3cx
18.0.2.315
2023-05-09
11h58 +00:00
2023-08-28
15h50 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:3cx:3cx:18.0.2.315:*:*:*:*:*:*:*

Informations

Vendor

3cx

Product

3cx

Version

18.0.2.315

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-49954 2023-12-24 23h00 +00:00 The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.
9.8
Critical
CVE-2022-48483 2023-05-02 00h00 +00:00 3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005.
7.5
High
CVE-2022-28005 2022-05-05 22h00 +00:00 An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482.
9.8
Critical
CVE-2021-45491 2022-03-27 23h14 +00:00 3CX System through 2022-03-17 stores cleartext passwords in a database.
6.5
Medium