exploitDog

CVE-2022-24629

Опубликовано: 29 мая 2023

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/.

Ссылки

http://seclists.org/fulldisclosure/2023/Feb/12
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Feb/12
Exploit
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:audiocodes:device_manager_express:*:*:*:*:*:*:*:*

Версия до 7.8.20002.47752 (включая)

EPSS

Процентиль: 98%

0.45658

Средний

9.8 Critical

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-xc6r-22gr-xppq

CVSS3: 9.8

github

больше 2 лет назад

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/.

EPSS

Процентиль: 98%

0.45658

Средний

9.8 Critical

CVSS3

Дефекты

CWE-22

CWE-22