.. / CVE-2022-24260

Exploit for VoipMonitor - Pre-Auth SQL Injection (CVE-2022-24260)

Description:

A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.

Nuclei Template

View the template here CVE-2022-24260.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-24260.yaml
Copy

References:

https://kerbit.io/research/read/blog/3
https://github.com/ARPSyndicate/cvemon
https://nvd.nist.gov/vuln/detail/CVE-2022-24260
https://www.voipmonitor.org/changelog-gui?major=5
https://github.com/ARPSyndicate/kenzer-templates