3CX, a VoIP communications agency, has suggested clients to disable SQL Database integrations because of the dangers posed by a possible vulnerability.
A SQL Injection vulnerability in 3CX CRM Integration has been recognized as CVE-2023-49954.
An attacker can manipulate an utility’s database queries as a consequence of SQL Injection, a prevalent but dangerous net safety flaw.
This will likely lead to attackers getting access to delicate knowledge and, in excessive circumstances, in full management of the database.
The vulnerability targets the CRM integration templates that 3CX affords for connecting to completely different databases, together with MsSQL, PostgreSQL, MongoDB, and MySQL.
“If one of many Integration templates has been used (MsSQL, MySQL, PostgreSQL) they are often topic to SQL injection assaults if the 3CX server is offered on the web and no Net utility firewall is in entrance of the 3CX machine. In that case, it’s attainable to control the unique SQL question executed in opposition to a database”, in line with 3CX CEO Nick Galea.
“Prospects utilizing MongoDB or any of our web-based CRM integration templates should not affected by this.”
Disable your SQL Database Integrations
Pierre Jourdan, the chief data safety officer at 3CX, stated at this time that “if you’re utilizing SQL Database integration, it’s topic doubtlessly to vulnerability – relying upon the configuration.”
“As a precautionary measure, and while we work on an answer to soundly re-enable this integration.”
Quickly disable the next database integrations:
- Database MongoDB
- Database MsSQL
- Database MySQL
- Database PostgreSQL
There isn’t any impression on any web-based CRM integrations.
Which 3CX Variations are affected?
Confirm whether or not you’re utilizing one of many above-mentioned integrations for those who’re working Model 18.
This may be completed by way of Administration Console / Settings / CRM. Set it to “None” and save.
Confirm whether or not you’re utilizing any of the above-mentioned integrations if you’re working Model 20.
You may accomplish this from Webclient / Admin Console / Integrations / CRM. Reserve it with “None” chosen.
The report additionally said that merely 0.25% of the person inhabitants has built-in sequel. That is an older integration designed for an on-premise firewall-secured community.
Nonetheless, relying on the configuration, using a SQL Database integration might expose you to a vulnerability. Prospects are being requested to disable SQL database integrations to stop hacking assaults.
Redmi 13C (Stardust Black, 8GB RAM, 256GB Storage) | 90Hz Display | 50MP AI Triple Camera
₹11,499.00 (as of December 17, 2023 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Redmi 12 5G Moonstone Silver 6GB RAM 128GB ROM
₹13,499.00 (as of December 17, 2023 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Redmi 13C 5G (Startrail Green, 4GB RAM, 128GB Storage) | MediaTek Dimensity 6100+ 5G | 90Hz Display
(as of December 17, 2023 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Ambrane Unbreakable 60W / 3A Fast Charging 1.5m Braided Type C Cable for Smartphones, Tablets, Laptops & other Type C devices, PD Technology, 480Mbps Data Sync, Quick Charge 3.0 (RCT15A, Black)
₹179.00 (as of December 17, 2023 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
OnePlus Nord CE 3 Lite 5G (Chromatic Gray, 8GB RAM, 128GB Storage)
₹19,999.00 (as of December 17, 2023 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Callas Multipurpose Foldable Laptop Table with Cup Holder | Drawer | Mac Holder | Study Table, Breakfast Table, Foldable and Portable/Ergonomic & Rounded Edges/Non-Slip Legs (WA-27-Black) | Metal
₹499.00 (as of December 17, 2023 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Duracell USB Type C, 3A Braided Sync & Fast Charging Cable, 3.9 Ft (1.2M),QC 2.0/3.0 Ultra Fast Charging,Compatible with Samsung,One Plus & all C type devices,Seamless Data Transmission,Series 3-Black
₹379.00 (as of December 17, 2023 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
HP Wired Mouse 100 with 1600 DPI Optical Sensor, USB Plug-and -Play,ambidextrous Design, Built-in Scrolling and 3 Handy Buttons. 3-Years Warranty (6VY96AA)
₹279.00 (as of December 17, 2023 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Portronics Toad 23 Wireless Optical Mouse with 2.4GHz, USB Nano Dongle, Optical Orientation, Click Wheel, Adjustable DPI(Black)
₹299.00 (as of December 17, 2023 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
STRIFF Adjustable Laptop Tabletop Stand Patented Riser Ventilated Portable Foldable Compatible with MacBook Notebook Tablet Tray Desk Table Book with Free Phone Stand (Black)
₹299.00 (as of December 17, 2023 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
SAMSUNG T7 Shield 4TB, Portable SSD, up-to 1050MB/s, USB 3.2 Gen2, Rugged, IP65 Water & Dust Resistant, for Photographers, Content Creators and Gaming, Extenal Solid State Drive (MU-PE4T0S/AM), Black
$229.99 (as of December 17, 2023 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
ELEGOO Mega R3 Project The Most Complete Ultimate Starter Kit with Tutorial Compatible with Arduino IDE
$65.99 (as of December 17, 2023 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Seagate Portable 4TB External Hard Drive HDD – USB 3.0 for PC, Mac, Xbox, & PlayStation - 1-Year Rescue Service (STGX4000400)
$99.99 (as of December 17, 2023 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
WD 5TB Elements Portable HDD, External Hard Drive, USB 3.0 for PC & Mac, Plug and Play Ready - WDBU6Y0050BBK-WESN
$119.99 (as of December 17, 2023 21:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)