Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
3CX 路径遍历漏洞
Vulnerability Description
3CX是一款基于软件开放标准的IP PBX(一种基于IP的公司电话系统),可以提供完整的统一通信。 3CX 存在安全漏洞,该漏洞源于 /Electron/download 接口存在目录遍历漏洞,通过该漏洞可以读取 %WINDIR%system32 目录。
CVSS Information
N/A
Vulnerability Type
N/A