Vulnerabilities > 3CX > 3CX > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-25 | CVE-2023-49954 | SQL Injection vulnerability in 3CX The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address. | 9.8 |
| 2022-05-06 | CVE-2022-28005 | Insufficiently Protected Credentials vulnerability in 3CX An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. | 9.8 |
| 2022-03-28 | CVE-2021-45490 | Improper Certificate Validation vulnerability in 3CX The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation. | 9.1 |