Unrated severityNVD Advisory· Published Dec 30, 2025· Updated Jan 16, 2026
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via dns.php
CVE-2022-50789
Description
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory with .dns.pid extension. Unauthenticated attackers can execute the malicious commands by making a single HTTP POST request to the vulnerable dns.php script, which triggers command execution and then deletes the file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=2.x+ 1 more
- (no CPE)range: <=2.x
- (no CPE)range: Version 2: 1.1/2.15
Patches
Vulnerability mechanics
References
5- packetstormsecurity.com/files/170260/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-dns.php-Command-Injection.htmlmitreexploit
- www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-conditional-command-injection-via-dnsphpmitrethird-party-advisory
- www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5733.phpmitrethird-party-advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/247922mitrevdb-entry
- www.sound4.commitreproduct
News mentions
0No linked articles in our index yet.