0xEF

4 exploits Active since May 2023
CVE-2022-24627 EXPLOITDB CRITICAL python WORKING POC
AudioCodes Device Manager Express <7.8.20002.47752 - SQL Injection
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
CVSS 9.8
CVE-2022-24629 EXPLOITDB CRITICAL python WORKING POC
AudioCodes Device Manager Express <7.8.20002.47752 - RCE
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/.
CVSS 9.8
CVE-2022-24630 EXPLOITDB HIGH python WORKING POC
AudioCodes Device Manager Express <7.8.20002.47752 - Command Injection
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed.
CVSS 7.2
CVE-2022-24632 EXPLOITDB MEDIUM python WORKING POC
AudioCodes Device Manager Express <7.8.20002.47752 - Path Traversal
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter.
CVSS 5.3