Vulnerabilities > 3CX > 3CX > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-25 | CVE-2023-49954 | SQL Injection vulnerability in 3CX The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address. | 9.8 |
| 2022-05-06 | CVE-2022-28005 | Insufficiently Protected Credentials vulnerability in 3CX An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. | 9.8 |