2 matches found
CVE-2025-34328
AudioCodes Fax Server and Auto-Attendant IVR appliances (≤ 2.6.23) expose an unauthenticated script-management endpoint in the web administration component (F2MAdmin) at AudioCodes_files/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplied data directly to a server-sid...
CVE-2025-34330
The CVE-2025-34330 entry affects AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. A web admin component (F2MAdmin) exposes an unauthenticated endpoint at AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php that accepts uploaded files and writes them into C:\F2...