CVE-2023-53962

Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x

Description The software contains an unauthenticated directory traversal flaw. Remote attackers can write arbitrary files by manipulating the upgfile parameter within the 'upload.cgi' script. Exploitation involves sending specially crafted multipart form-data POST requests containing directory traversal sequences, enabling file writing to unintended locations on the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.