Audiocodes

Device Manager Express

6 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-24627

Exploit
  • EPSS 51.09%
  • Veröffentlicht 29.05.2023 21:15:09
  • Zuletzt bearbeitet 14.01.2025 18:15:23

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.

7.2

CVE-2022-24628

Exploit
  • EPSS 0.1%
  • Veröffentlicht 29.05.2023 21:15:09
  • Zuletzt bearbeitet 14.01.2025 18:15:23

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php.

9.8

CVE-2022-24629

Exploit
  • EPSS 45.66%
  • Veröffentlicht 29.05.2023 21:15:09
  • Zuletzt bearbeitet 14.01.2025 18:15:23

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .ph...

7.2

CVE-2022-24630

Exploit
  • EPSS 42.6%
  • Veröffentlicht 29.05.2023 21:15:09
  • Zuletzt bearbeitet 21.11.2024 06:50:46

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed.

5.4

CVE-2022-24631

Exploit
  • EPSS 8.46%
  • Veröffentlicht 29.05.2023 21:15:09
  • Zuletzt bearbeitet 21.11.2024 06:50:46

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter.

5.3

CVE-2022-24632

Exploit
  • EPSS 56.94%
  • Veröffentlicht 29.05.2023 21:15:09
  • Zuletzt bearbeitet 21.11.2024 06:50:46

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter.