{"vulnerability": "CVE-2023-49954", "sightings": [{"uuid": "0adc40c0-d7e8-4c65-93f1-a25aedb343df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49954", "type": "seen", "source": "https://t.me/arpsyndicate/2207", "content": "#ExploitObserverAlert\n\nCVE-2023-49954\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-49954. The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.", "creation_timestamp": "2023-12-28T07:42:05.000000Z"}, {"uuid": "1ed3108d-bc43-468a-89ff-023ab665a3f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49954", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:10.000000Z"}, {"uuid": "ff501ef1-db29-4a24-85f4-1e88a1733e02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49954", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:12:49.000000Z"}, {"uuid": "859abbc3-5937-4fb0-a143-ea748b403a9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49954", "type": "published-proof-of-concept", "source": "Telegram/NqMiySbxmIrZSmnXeniM-UaOpCcYSdW_8PGgXD3X0qTw6g", "content": "", "creation_timestamp": "2023-12-16T19:49:11.000000Z"}, {"uuid": "56d62d2c-9b64-42c4-a096-2797edb39744", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49954", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1714", "content": "https://github.com/CVE-2023-49954/CVE-2023-49954.github.io\nSQL Injection in 3CX CRM Integration\n\n#github", "creation_timestamp": "2023-12-16T07:10:06.000000Z"}, {"uuid": "72698c48-9015-480e-aaa7-544882e06372", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49954", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/3680", "content": "https://github.com/CVE-2023-49954/CVE-2023-49954.github.io\nSQL Injection in 3CX CRM Integration\n\n#github", "creation_timestamp": "2023-12-16T07:47:47.000000Z"}, {"uuid": "e97c2e15-e929-4cf0-b06a-057fc21194b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49954", "type": "seen", "source": "https://t.me/ctinow/159177", "content": "https://ift.tt/VTpyiBS\nCVE-2023-49954", "creation_timestamp": "2023-12-25T09:31:26.000000Z"}, {"uuid": "00096db4-6736-4783-94c4-6ce08bbbcd8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49954", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9594", "content": "#exploit\n1. CVE-2023-6295:\nso-widgets-bundle < 1.51.0 - Admin+ LFI\nhttps://0day.work/cve-2023-6295-so-widgets-bundle-1-51-0-admin-local-file-inclusion\n\n2. CVE-2023-49954:\nSQL Injection in 3CX CRM Integration\nhttps://github.com/CVE-2023-49954/CVE-2023-49954.github.io\n\n3. Whatsapp Exploit to spoofing impersonate of reply message\nhttps://github.com/lichti/whats-spoofing", "creation_timestamp": "2023-12-16T12:30:46.000000Z"}, {"uuid": "56b9f164-ce5b-47ad-a01d-e245a8f4572b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49954", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2277", "content": "#exploit\n1. CVE-2023-6295:\nso-widgets-bundle < 1.51.0 - Admin+ LFI\nhttps://0day.work/cve-2023-6295-so-widgets-bundle-1-51-0-admin-local-file-inclusion\n\n2. CVE-2023-49954:\nSQL Injection in 3CX CRM Integration\nhttps://github.com/CVE-2023-49954/CVE-2023-49954.github.io\n\n3. Whatsapp Exploit to spoofing impersonate of reply message\nhttps://github.com/lichti/whats-spoofing", "creation_timestamp": "2024-08-16T08:57:33.000000Z"}]}