Vulnerabilities (CVE)

Filtered by vendor Audiocodes Subscribe
Filtered by product Device Manager Express
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24632 1 Audiocodes 1 Device Manager Express 2024-11-21 N/A 5.3 MEDIUM
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter.
CVE-2022-24631 1 Audiocodes 1 Device Manager Express 2024-11-21 N/A 5.4 MEDIUM
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter.
CVE-2022-24630 1 Audiocodes 1 Device Manager Express 2024-11-21 N/A 7.2 HIGH
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed.
CVE-2022-24629 1 Audiocodes 1 Device Manager Express 2024-11-21 N/A 9.8 CRITICAL
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/.
CVE-2022-24628 1 Audiocodes 1 Device Manager Express 2024-11-21 N/A 7.2 HIGH
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php.
CVE-2022-24627 1 Audiocodes 1 Device Manager Express 2024-11-21 N/A 9.8 CRITICAL
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.