| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| CVE-2019-13176 | 5.0 | An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading | 28-08-2019 - 13:57 | 08-08-2019 - 14:15 |
| CVE-2017-15359 | 4.0 | In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker | 13-11-2017 - 17:42 | 18-10-2017 - 18:29 |
| CVE-2018-7654 | 4.0 | On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal. | 28-03-2018 - 22:00 | 04-03-2018 - 01:29 |
| CVE-2019-14935 | 4.6 | 3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link. | 27-08-2019 - 17:49 | 12-08-2019 - 00:15 |
| CVE-2018-14905 | 4.3 | The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. | 26-09-2018 - 17:29 | 03-08-2018 - 18:29 |
| CVE-2018-14906 | 4.3 | The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. | 26-09-2018 - 17:29 | 03-08-2018 - 18:29 |
| CVE-2018-14907 | 5.0 | The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. | 26-09-2018 - 17:28 | 03-08-2018 - 18:29 |