3CX CRM - SQLi - CVE-2023-49954
by vulture - Thursday December 28, 2023 at 01:09 PM
MVP User
MVP
Posts: 300
Threads: 40
Joined: Jun 2023
Reputation: 603

#1
12-28-2023, 01:09 PM
To all the Sqli fam, 

The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.


Hidden Content
You must register or login to view this content.
Website
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC miyako 3 73 02-07-2026, 03:32 PM
Last Post: cysc
  POC CVE-2025-24071 caca28sapo1 15 805 02-07-2026, 08:53 AM
Last Post: hacker0123
  HPE OneView RCE Exploit [CVE-2025-37164] Hawx01 8 261 02-06-2026, 07:08 PM
Last Post: hacker0123
  CitrixBleed / CVE-2023-4966 cccp 10 6,797 02-06-2026, 01:36 AM
Last Post: temptest
  WordPress LFI to RCE - CVE-2025-0366 Serious 1 457 02-05-2026, 09:53 AM
Last Post: Sammm89



 Users browsing this thread: