CVE-2023-53963
Published: Dec 22, 2025
Modified: Dec 22, 2025
CVSS v3.1
9.8
Description
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the 'password' POST parameter to execute commands with web server privileges.
| Vendor | Product | Versions |
|---|---|---|
SOUND4 Ltd. | Impact/Pulse/First | affected Version 2: 1.1/2.15 |
SOUND4 Ltd. | Impact/Pulse Eco | affected 1.16 |
SOUND4 Ltd. | BigVoice4 | affected 1.2 |
SOUND4 Ltd. | BigVoice2 | affected 1.30 |
SOUND4 Ltd. | Stream | affected 1.1/2.4.29 |
Kantar Media | WM2 | affected 1.11 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now