Lucene search
K
AudiocodesDevice Manager Express

6 matches found

CVE
CVE
added 2023/05/29 12:0 a.m.86 views

CVE-2022-24627

Summary: CVE-2022-24627 affects AudioCodes Device Manager Express (versions up to 7.8.20002.47752). It is an unauthenticated SQL injection in the parameter p of the login form process_login.php. The underlying cause is improper input handling, enabling attackers to bypass authentication and poten...

9.8CVSS9.9AI score0.26389EPSS
CVE
CVE
added 2023/05/29 12:0 a.m.69 views

CVE-2022-24632

CVE-2022-24632 affects AudioCodes Device Manager Express up to version 7.8.20002.47752. The vulnerability is a directory traversal during file download via the BrowseFiles.php view parameter, as described in the Red Hat and CNNVD entries and reflected across multiple feeds. The root cause is a pa...

5.3CVSS7.2AI score0.27177EPSS
CVE
CVE
added 2023/05/29 12:0 a.m.66 views

CVE-2022-24629

CVE-2022-24629 affects AudioCodes Device Manager Express (versions up to 7.8.20002.47752). The issue is a directory-traversal in the dir parameter of BrowseFiles.php file upload, enabling remote code execution by uploading a .php file to WebAdmin/admin/AudioCodes_files/ajax/. Public sources docum...

9.8CVSS9.7AI score0.37246EPSS
Web
CVE
CVE
added 2023/05/29 12:0 a.m.62 views

CVE-2022-24631

AudioCodes Device Manager Express (versions up to 7.8.20002.47752) contains a stored XSS vulnerability in the ajaxTenants.php desc parameter. This is documented across multiple sources (CVE-2022-24631 and member metadata) as a cross-site scripting issue in that endpoint. PT-2023-12763 notes recom...

5.4CVSS6.9AI score0.43187EPSS
CVE
CVE
added 2023/05/29 12:0 a.m.57 views

CVE-2022-24628

AudioCodes Device Manager Express (up to version 7.8.20002.47752) is affected by an authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php. The CVE is CVE-2022-24628. Impacted component: IPPhoneFirmwareEdit.php; attacker must be authenticated; vulnerability enables potentially...

7.2CVSS7.9AI score0.01239EPSS
CVE
CVE
added 2023/05/29 12:0 a.m.44 views

CVE-2022-24630

AudioCodes Device Manager Express (versions up to 7.8.20002.47752) contains a vulnerability in BrowseFiles.php where a POST request with cmd=ssh and an ssh_command field is executed, enabling remote code execution. This affects the vulnerable command handling path and can lead to RCE. Public expl...

7.2CVSS8.1AI score0.23895EPSS