Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Dec 24, 2025
FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test
CVE-2019-25243
Description
FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort' parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =6.4.8
- iWT Ltd./FaceSentry Access Control Systemv5Range: 6.4.8 build 264
Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/47064mitreexploit
- www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5523.phpmitrethird-party-advisory
- www.iwt.com.hkmitreproduct
News mentions
0No linked articles in our index yet.