Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Dec 24, 2025

FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test

CVE-2019-25243

Description

FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort' parameters.

Affected products

FaceSentry/FaceSentryllm-create
Range: =6.4.8
iWT Ltd./FaceSentry Access Control Systemv5
Range: 6.4.8 build 264

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/47064mitreexploit
www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5523.phpmitrethird-party-advisory
www.iwt.com.hkmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000