CVE-2023-49954
Description
The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.
NVD
Severity: CRITICAL
CVE ID: CVE-2023-49954
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
CVE-2023-49954
SQL Injection in 3CX CRM Integration
Refrence: GitHub