本ページは audiocodes device_manager_express に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-24632 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter. | [email protected] | 5.3 | 31.82% | 2023-05-29 | 2024-11-21 |
| CVE-2022-24631 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter. | [email protected] | 5.4 | 0.29% | 2023-05-29 | 2024-11-21 |
| CVE-2022-24630 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed. | [email protected] | 7.2 | 25.92% | 2023-05-29 | 2024-11-21 |
| CVE-2022-24629 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/. | [email protected] | 9.8 | 42.44% | 2023-05-29 | 2025-01-14 |
| CVE-2022-24628 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php. | [email protected] | 7.2 | 0.44% | 2023-05-29 | 2025-01-14 |
| CVE-2022-24627 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form. | [email protected] | 9.8 | 48.69% | 2023-05-29 | 2025-01-14 |