25Ara
CVE-2023-49954 | 3CX prior 18.0.9.23/20.0.0.1494 first name/search string/email address sql injection
A vulnerability, which was classified as critical, has been found in 3CX. This issue affects some unknown processing. The manipulation of the argument first name/search string/email address leads to sql injection. The identification of this vulnerability is CVE-2023-49954. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.