An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2023/Feb/12 | Exploit Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-05-29T00:00:00
Updated: 2023-05-29T00:00:00
Reserved: 2022-02-07T00:00:00
Link: CVE-2022-24629
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-05-29T21:15:09.523
Modified: 2023-06-02T03:05:17.787
Link: CVE-2022-24629
JSON object: View
Redhat Information
No data.
CWE