CVE-2022-28005

EPSS 24.68% · P96 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-28005

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

3CX Phone system（web）management console 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

3CX Phone是一款基于软件的专用分支交换机。该产品可与基于SIP标准的IP电话、SIP中继和VoIP网关配合使用，提供完整的通信解决方案。 3CX Phone system（web）management console 18.0版本存在安全漏洞。攻击者利用该漏洞访问服务器上的任意文件，导致数据泄露。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2022-28005

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-28005

请登录查看更多情报信息。

Same Patch Batch · n/a · 2022-05-06 · 22 CVEs total

CVE-2021-23592	7.7 HIGH	Deserialization of Untrusted Data
CVE-2022-25324	7.5 HIGH	Denial of Service (DoS)
CVE-2021-23792	7.3 HIGH	XML External Entity (XXE) Injection
CVE-2020-19216		Piwigo SQL注入漏洞
CVE-2022-1053		Keylime 输入验证错误漏洞
CVE-2022-28507		Dragon Path Technologies Bharti Airtel Routers 跨站脚本漏洞
CVE-2022-28545		FUDForum 跨站脚本漏洞
CVE-2022-28165		Broadcom Brocade SANnav 安全漏洞
CVE-2022-28163		Broadcom Brocade SANnav SQL注入漏洞
CVE-2022-28164		Broadcom Brocade SANnav 加密问题漏洞
CVE-2020-19217		Piwigo SQL注入漏洞
CVE-2022-30293		WebKitGTK 缓冲区错误漏洞
CVE-2020-19215		Piwigo SQL注入漏洞
CVE-2020-19213		Piwigo SQL注入漏洞
CVE-2020-19212		piwigo SQL注入漏洞
CVE-2022-28973		Tenda AX1806 缓冲区错误漏洞
CVE-2022-28972		Tenda AX1806 缓冲区错误漏洞
CVE-2022-28971		Tenda AX1806 缓冲区错误漏洞
CVE-2022-28970		Tenda AX1806 缓冲区错误漏洞
CVE-2022-28969		Tenda AX1806 缓冲区错误漏洞

Showing top 20 of 22 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2022-28005

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-28005

I. Basic Information for CVE-2022-28005

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-28005

III. Intelligence Information for CVE-2022-28005

Same Patch Batch · n/a · 2022-05-06 · 22 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-28005

Leave a comment