VYPR
Unrated severityNVD Advisory· Published Dec 30, 2025· Updated Jan 16, 2026

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via dns.php

CVE-2022-50789

Description

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory with .dns.pid extension. Unauthenticated attackers can execute the malicious commands by making a single HTTP POST request to the vulnerable dns.php script, which triggers command execution and then deletes the file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.