Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
3cx 3cx vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-27362
3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local malicious users to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order t...
NA
CVE-2023-49954
The CRM Integration in 3CX prior to 18.0.9.23 and 20 prior to 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.
3cx 3cx
NA
CVE-2022-48482
3CX prior to 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote malicious users to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.
3cx 3cx
NA
CVE-2022-48483
3CX prior to 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote malicious users to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this iss...
3cx 3cx
NA
CVE-2023-29059
3CX DesktopApp up to and including 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, a...
3cx 3cx 18.12.407
3cx 3cx 18.12.416
3cx 3cx 18.12.402
3cx 3cx 18.11.1213
1 Github repository
9
CVSSv2
CVE-2019-9972
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated malicious user to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandl...
3cx Phone System Firmware 16.0.0.1570
Debian Debian Linux -
9
CVSSv2
CVE-2019-9971
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an malicious user to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when u...
3cx Phone System Firmware 16.0.0.1570
Debian Debian Linux -
5.1
CVSSv2
CVE-2022-27438
Caphyon Ltd Advanced Installer 19.3 and previous versions and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulner...
Caphyon Advanced Installer
Realdefense Mypasslock 1.9.6
Realdefense Mycleanpc 4.0.2
Realdefense Mycleanid 4.1.4
Prusa3d Prusaslicer 2.4.2
Plagiarismcheckerx Plagiarism Checker X 8.0.6
Vigem Vigembus Driver 1.16.116
Nefarius Scptoolkit 1.6.238.16010
Moonsoftware Password Agent 20.10.1
Getmailbird Mailbird 2.9.50.0
Krylack Burning Suite 1.20.05
Krylack Rar Password Recovery 3.70.69
Krylack Volume Serial Number Editor 2.02.34
Krylack Zip Password Recovery 3.70.69
Krylack Asterisks Password Decryptor 3.31.107
Krylack Archive Password Recovery 3.70.69
Jpsoft Take Command 28.2.18
Jki Vi Package Manager 21.1.2754
Honeygain Honeygain 0.10.7.0
Guzogo Guzogo 1.0.5.0
Gamecaster Gamecaster 4.0.2109.2802
Gainedge Better Explorer 2020.3.15.1304
1 Github repository
5
CVSSv2
CVE-2022-28005
An issue exists in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that ...
3cx 3cx
6.4
CVSSv2
CVE-2021-45490
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.
3cx 3cx
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »