Unrated severityNVD Advisory· Published Dec 22, 2025· Updated Dec 22, 2025
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Remote Command Injection
CVE-2023-53963
Description
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the 'password' POST parameter to execute commands with web server privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2v2.x+ 1 more
- (no CPE)range: v2.x
- (no CPE)range: Version 2: 1.1/2.15
Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/51173mitreexploit
- www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-remote-command-injectionmitrethird-party-advisory
- www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5738.phpmitrethird-party-advisory
- web.archive.org/web/20221207074555/https://www.sound4.com/mitreproduct
News mentions
0No linked articles in our index yet.