CVE-2022-50789
Published: Dec 30, 2025
Modified: Jan 16, 2026
CVSS v3.1
7.8
Description
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory with .dns.pid extension. Unauthenticated attackers can execute the malicious commands by making a single HTTP POST request to the vulnerable dns.php script, which triggers command execution and then deletes the file.
| Vendor | Product | Versions |
|---|---|---|
SOUND4 Ltd. | Impact/Pulse/First | affected Version 2: 1.1/2.15 |
SOUND4 Ltd. | Impact/Pulse Eco | affected 1.16 |
SOUND4 Ltd. | BigVoice4 | affected 1.2 |
SOUND4 Ltd. | BigVoice2 | affected 1.30 |
SOUND4 Ltd. | Stream | affected 1.1/2.4.29 |
Kantar Media | WM2 | affected 1.11 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now