A vulnerability, which was classified as critical, has been found in 3CX. This issue affects some unknown processing. The manipulation of the argument first name/search string/email address leads to sql injection.
The identification of this vulnerability is CVE-2023-49954. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.