Unrated severityNVD Advisory· Published Dec 30, 2025· Updated Jan 5, 2026
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Command Injection via Username
CVE-2022-50794
Description
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <= 2.x
- Range: Version 2: 1.1/2.15
Patches
Vulnerability mechanics
References
5- packetstormsecurity.com/files/170266/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-username-Command-Injection.htmlmitreexploit
- www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-command-injection-via-usernamemitrethird-party-advisory
- www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5739.phpmitrethird-party-advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/247914mitrevdb-entry
- www.sound4.commitreproduct
News mentions
0No linked articles in our index yet.