34 matches found
CVE-2022-24627
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the processlogin.php login form...
CVE-2022-24632
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter...
CVE-2022-24627
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the processlogin.php login form...
CVE-2022-24628
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php...
CVE-2022-24628
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php...
CVE-2022-24631
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter...
CVE-2022-24629
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodesfiles/ajax/...
CVE-2022-24630
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an sshcommand field that is executed...
CVE-2022-24627
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the processlogin.php login form...
CVE-2022-24632
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter...
CVE-2022-24630
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an sshcommand field that is executed...
Cross site scripting
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter...
Sql injection
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php...
Sql injection
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the processlogin.php login form...
Cross site request forgery (csrf)
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an sshcommand field that is executed...
PT-2023-12759 · Audiocodes · Audiocodes Device Manager Express
Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752 Description: The issue is an unauthenticated SQL injection in the p parameter of the "process login.php" login form. This allows for potential exploitation without the need fo...
PT-2023-12761 · Audiocodes · Audiocodes Device Manager Express
Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752 Description: An issue allows remote code execution via directory traversal in the dir parameter of the file upload functionality of "BrowseFiles.php". An attacker can upload a...
CVE-2022-24632
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter...
CVE-2022-24630
AudioCodes Device Manager Express (versions up to 7.8.20002.47752) contains a vulnerability in BrowseFiles.php where a POST request with cmd=ssh and an ssh_command field is executed, enabling remote code execution. This affects the vulnerable command handling path and can lead to RCE. Public expl...
CVE-2022-24632
CVE-2022-24632 affects AudioCodes Device Manager Express up to version 7.8.20002.47752. The vulnerability is a directory traversal during file download via the BrowseFiles.php view parameter, as described in the Red Hat and CNNVD entries and reflected across multiple feeds. The root cause is a pa...