3cx
Communications, commercial
Latest CVEs
The 15 most recently published vulnerabilities affecting 3cx.
- CVE-2023-27362: 3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability (score 7.8)
- CVE-2023-49954: The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address. (score 9.8)
- CVE-2022-48483: 3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path comp... (score 7.5)
- CVE-2022-48482: 3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentia... (score 7.5)
- CVE-2023-29059: 3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows applicatio... (score 7.8)
- CVE-2019-9972: PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><... (score 8.8)
- CVE-2019-9971: PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs b... (score 8.8)
- CVE-2022-27438: Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the Custo... (score 8.1)
- CVE-2022-28005: An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the se... (score 9.8)
- CVE-2021-45491: 3CX System through 2022-03-17 stores cleartext passwords in a database. (score 6.5)
- CVE-2021-45490: The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation. (score 9.1)
- CVE-2019-12498: The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism. (score 9.8)
- CVE-2014-10386: The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. (score 6.1)
- CVE-2017-18507: The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS. (score 6.1)
- CVE-2019-14950: The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page. (score 6.1)