34 matches found
CVE-2022-24627
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the processlogin.php login form...
CVE-2022-24632
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter...
CVE-2022-24630
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an sshcommand field that is executed...
CVE-2022-24627
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the processlogin.php login form...
CVE-2022-24628
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php...
CVE-2022-24629
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodesfiles/ajax/...
CVE-2022-24632
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter...
CVE-2022-24631
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter...
CVE-2022-24630
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an sshcommand field that is executed...
CVE-2022-24627
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the processlogin.php login form...
CVE-2022-24628
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php...
Sql injection
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the processlogin.php login form...
Cross site request forgery (csrf)
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an sshcommand field that is executed...
Cross site scripting
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter...
Sql injection
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php...
CVE-2022-24632
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter...
PT-2023-12763 · Audiocodes · Audiocodes Device Manager Express
Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752 Description: The issue is related to stored XSS via the desc parameter in the "ajaxTenants.php" endpoint. Recommendations: For AudioCodes Device Manager Express versions throu...
CVE-2022-24628
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php...
PT-2023-12764 · Audiocodes · Audiocodes Device Manager Express
Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752 Description: The issue concerns directory traversal during file download. This occurs via the view parameter in the "BrowseFiles.php" endpoint. Recommendations: For versions...
CVE-2022-24629
CVE-2022-24629 affects AudioCodes Device Manager Express (versions up to 7.8.20002.47752). The issue is a directory-traversal in the dir parameter of BrowseFiles.php file upload, enabling remote code execution by uploading a .php file to WebAdmin/admin/AudioCodes_files/ajax/. Public sources docum...