Описание
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the 'password' POST parameter to execute commands with web server privileges.
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the 'password' POST parameter to execute commands with web server privileges.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-53963
- https://web.archive.org/web/20221207074555/https://www.sound4.com
- https://www.exploit-db.com/exploits/51173
- https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-remote-command-injection
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5738.php
Связанные уязвимости
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the 'password' POST parameter to execute commands with web server privileges.