Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
audiocodes device manager express vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-24627
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
Audiocodes Device Manager Express
9.8
CVSSv3
CVE-2022-24629
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/A...
Audiocodes Device Manager Express
5.4
CVSSv3
CVE-2022-24631
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter.
Audiocodes Device Manager Express
7.2
CVSSv3
CVE-2022-24628
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php.
Audiocodes Device Manager Express
7.2
CVSSv3
CVE-2022-24630
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed.
Audiocodes Device Manager Express
5.3
CVSSv3
CVE-2022-24632
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter.
Audiocodes Device Manager Express
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started