Podatność CVE-2022-24629
Publikacja: 2023-05-29

Opis:
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
High
Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal
Eric Flokstra
24.02.2023

 Referencje:
http://seclists.org/fulldisclosure/2023/Feb/12
Copyright 2024, cxsecurity.com

 

Back to Top