virus logo FortiClient Vulnerability

3CX Phone CVE-2019-13176 XML External Entity Vulnerability

description-logoDescription

An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS).

affected-products-logoAffected Applications

3CX Phone

CVE References

CVE-2019-13176

Other References

https://nvd.nist.gov/vuln/detail/CVE-2019-13176
ID 4513
Created Sep 07, 2022
Description
Updated		 Oct 16, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor 3CX
Patch manual
Application 3CX Phone