CVE-2022-50791

Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and earlier

Description The software contains a conditional command injection issue. Local authenticated users can create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by sending an HTTP POST request to the ping.php script. This script triggers the malicious file and then deletes it. The vulnerable API endpoint is /ping.php.

Recommendations Versions prior to 2.x should be updated.