Описание
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system commands.
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system commands.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-50794
- https://exchange.xforce.ibmcloud.com/vulnerabilities/247914
- https://packetstormsecurity.com/files/170266/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-username-Command-Injection.html
- https://www.sound4.com
- https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-command-injection-via-username
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5739.php
Связанные уязвимости
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system commands.