The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.
Max CVSS
9.8
EPSS Score
0.08%
Published
2023-12-25
Updated
2024-01-03
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.
Max CVSS
7.8
EPSS Score
0.06%
Published
2023-03-30
Updated
2023-04-10
3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005.
Max CVSS
7.5
EPSS Score
0.11%
Published
2023-05-02
Updated
2023-05-10
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.
Max CVSS
7.5
EPSS Score
0.11%
Published
2023-05-02
Updated
2023-05-10
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482.
Max CVSS
9.8
EPSS Score
1.57%
Published
2022-05-06
Updated
2023-05-02
Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.
Max CVSS
8.1
EPSS Score
6.32%
Published
2022-06-06
Updated
2023-04-28
3CX System through 2022-03-17 stores cleartext passwords in a database.
Max CVSS
6.5
EPSS Score
0.06%
Published
2022-03-28
Updated
2022-03-31
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.
Max CVSS
9.1
EPSS Score
0.18%
Published
2022-03-28
Updated
2022-04-04
The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-08-12
Updated
2023-05-26
3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.
Max CVSS
7.8
EPSS Score
0.05%
Published
2019-08-12
Updated
2020-08-24
An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS).
Max CVSS
7.5
EPSS Score
0.41%
Published
2019-08-08
Updated
2019-08-28
The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism.
Max CVSS
9.8
EPSS Score
0.35%
Published
2020-03-20
Updated
2021-08-12
The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file extension, and prepending "magic bytes" to the payload to pass MIME checks. Specifically, an unauthenticated remote user submits a crafted file upload POST request to the REST api remote_upload endpoint. The file contains data that will fool the plugin's MIME check into classifying it as an image (which is a whitelisted file extension) and finally a trailing .phtml file extension.
Max CVSS
9.8
EPSS Score
1.56%
Published
2019-06-03
Updated
2023-05-26
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling.
Max CVSS
9.0
EPSS Score
0.10%
Published
2022-06-07
Updated
2022-06-14
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo.
Max CVSS
9.0
EPSS Score
0.30%
Published
2022-06-07
Updated
2022-06-14
The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.
Max CVSS
6.1
EPSS Score
0.16%
Published
2019-03-22
Updated
2023-05-26
XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request.
Max CVSS
6.1
EPSS Score
0.08%
Published
2018-10-18
Updated
2023-05-26
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname.
Max CVSS
5.3
EPSS Score
0.13%
Published
2018-08-03
Updated
2020-08-24
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters.
Max CVSS
6.1
EPSS Score
0.09%
Published
2018-08-03
Updated
2018-09-26
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter.
Max CVSS
6.1
EPSS Score
0.09%
Published
2018-08-03
Updated
2018-09-26
The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.
Max CVSS
9.8
EPSS Score
2.97%
Published
2018-07-02
Updated
2021-07-20
There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864.
Max CVSS
6.1
EPSS Score
0.10%
Published
2018-05-15
Updated
2023-05-26
The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field.
Max CVSS
6.1
EPSS Score
0.17%
Published
2018-04-09
Updated
2023-05-26
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.
Max CVSS
6.5
EPSS Score
0.07%
Published
2018-03-04
Updated
2018-03-28
The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-08-12
Updated
2023-05-26
33 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!