Authenticated SQL Injection in AudioCodes Device Manager Express

Authenticated SQL Injection in AudioCodes Device Manager Express

CVE-2022-24628 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.