5 matches found
CVE-2022-24630
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an sshcommand field that is executed...
CVE-2022-24630
AudioCodes Device Manager Express (versions up to 7.8.20002.47752) contains a vulnerability in BrowseFiles.php where a POST request with cmd=ssh and an ssh_command field is executed, enabling remote code execution. This affects the vulnerable command handling path and can lead to RCE. Public expl...
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
Exploit Title: Device Manager Express 7.8.20002.47752 - Remote Code Execution RCE Date: 02-12-22 Exploit Author: 0xEF Vendor Homepage: https://www.audiocodes.com Software Link: https://ln5.sync.com/dl/82774fdd0/jwqwt632-s65tncqu-iwrtm7g3-iidti637 Version: = 7.8.20002.47752 Tested on: Windows 10 &...
Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal
Device Manager Express versions 7.8.20002.47752 and below suffer from code execution, command execution, cross site scripting, remote SQL injection, and traversal vulnerabilities. Product Name: Device Manager Express Vendor Homepage: https://www.audiocodes.com Software Link:...
Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal
Product Name: Device Manager Express Vendor Homepage: https://www.audiocodes.com Software Link: https://www.audiocodes.com/solutions-products/products/management-products-solutions/device-manager Version: = 7.8.20002.47752 Tested on: Windows 10 / Server 2019 Default credentials: admin/admin...