CVEs (6)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Audiocodes 1Device Manager Express Nov 21, 2024 May 29, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter. |
1Audiocodes 1Device Manager Express Nov 21, 2024 May 29, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter. |
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed. |
1Audiocodes 1Device Manager Express Jan 14, 2025 May 29, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php...Show more |
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php. |
1Audiocodes 1Device Manager Express Jan 14, 2025 May 29, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form. |