CVE-2019-25243 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized…
High CVSS: 8.7

CVE-2019-25243

FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort' parameters.
Vendor
Iwt
Product
Facesentry Access Control System Firmware
CWE
CWE-78
Yayın Tarihi
2025-12-24 20:15:52
Güncelleme
2025-12-30 20:19:32
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-78 Facesentry Access Control System Firmware HIGH Iwt 2025

Referanslar

http://www.iwt.com.hk https://www.exploit-db.com/exploits/47064 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5523.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5523.php