CVE-2022-50694

Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and earlier

Description The software contains an SQL injection issue in the username POST parameter of the ''index.php'' file. Attackers can manipulate database queries by injecting arbitrary SQL code through this parameter, potentially bypassing authentication and gaining access to unauthorized database information.

Recommendations Versions prior to 2.x should be updated. As a temporary workaround, restrict or sanitize input to the username parameter in the ''index.php'' file.