📦 3cx

This SQL injection vulnerability in 3CX CRM Integration allows attackers to execute arbitrary SQL commands by manipulating first name, search string, or email address fields. Attackers can potentially...

This vulnerability in 3CX Phone System Management Console allows unauthenticated attackers to read arbitrary files via directory traversal, leading to credential disclosure. With stolen credentials, a...

This vulnerability allows local attackers to escalate privileges on 3CX installations by exploiting an insecure OpenSSL configuration file location. Attackers with initial low-privileged access can ex...

CVE-2022-48482 is a directory traversal vulnerability in 3CX phone management software that allows unauthenticated remote attackers to read sensitive files including credentials, backups, call recordi...

CVE-2023-29059 involves malicious code embedded in 3CX DesktopApp versions, enabling supply chain attacks. This allows attackers to execute arbitrary code on affected systems through DLL sideloading. ...