CVE-2022-50793

High CVSS: 8.7

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' parameter values to execute arbitrary system commands with www-data user privileges.

Vendor

Sound4

Product

Impact Firmware

CWE

CWE-78

Yayın Tarihi

2025-12-30 23:15:46

Güncelleme

2026-01-13 14:36:09

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-78 Impact Firmware HIGH Sound4 2025

Referanslar

https://exchange.xforce.ibmcloud.com/vulnerabilities/247917 https://packetstormsecurity.com/files/170264/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-services-Command-Injection.html https://www.sound4.com/ https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-authenticated-command-injection-via-www-data-handlerphp https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5737.php

Benzer Kayıtlar

High

CVE-2022-50792

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allow…

Critical

CVE-2022-50794

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the u…

High

CVE-2022-50795

SOUND4 IMPACT/FIRST/PULSE/Eco

Critical

CVE-2022-50796

SOUND4 IMPACT/FIRST/PULSE/Eco

Critical

CVE-2022-50696

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cann…

Medium

CVE-2022-50787

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the…