CVE-2022-24627

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published May 29, 2023
Updated: Jan 14, 2025
CWE ID 89

Summary

CVE-2022-24627 is a newly disclosed vulnerability affecting AudioCodes Device Manager Express versions up to 7.8.20002.47752. This issue is significant as it allows unauthenticated attackers to inject SQL queries into the p parameter of the process_login.php login form. By exploiting this SQL injection vulnerability, attackers can potentially gain unauthorized access to sensitive information or even take control of the affected system. This can lead to serious consequences, including data theft, unauthorized system modifications, and potential system downtime. It is strongly recommended that affected organizations apply the necessary patches or updates as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share