CVE-2022-24627 PoC — AudioCodes Device Manager Express SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-24627.yaml

Associated Vulnerability

Title:AudioCodes Device Manager Express SQL注入漏洞 (CVE-2022-24627)
Description:AudioCodes Device Manager Express是以色列AudioCodes公司的一个 AudioCodes IP 电话、EPOS 和 Jabra 耳机和扬声器的强大生命周期管理工具。 AudioCodes Device Manager Express 7.8.20002.47752及之前版本存在SQL注入漏洞，该漏洞源于p 参数中存在未经身份验证的 SQL 注入。

Description

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.

File Snapshot


 id: CVE-2022-24627

info:
  name: AudioCodes Device Manager Express - SQL Injection
  author: geekni

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!