Device Manager Express Security Vulnerabilities and Issues — Device Manager Express CVE List

Lucene search

AudiocodesDevice Manager Express

6 matches found

CVE•added 2023/05/29 9:15 p.m.•57 views

CVE-2022-24627

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.

9.8CVSS9.9AI score0.51085EPSS

CVE•added 2023/05/29 9:15 p.m.•50 views

CVE-2022-24632

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter.

5.3CVSS7.2AI score0.59706EPSS

CVE•added 2023/05/29 9:15 p.m.•49 views

CVE-2022-24629

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/.

9.8CVSS9.7AI score0.48669EPSS

CVE•added 2023/05/29 9:15 p.m.•43 views

CVE-2022-24631

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter.

5.4CVSS6.9AI score0.08459EPSS

CVE•added 2023/05/29 9:15 p.m.•40 views

CVE-2022-24628

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php.

7.2CVSS7.9AI score0.00092EPSS

CVE•added 2023/05/29 9:15 p.m.•27 views

CVE-2022-24630

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed.

7.2CVSS8.1AI score0.40637EPSS