CVE-2022-50694

Summary

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access unauthorized database information.

Affected Software

VendorProductVersion RangeStatus
SOUND4 Ltd.Impact/Pulse/FirstVersion 2: 1.1/2.15affected
SOUND4 Ltd.Impact/Pulse Eco1.16affected
SOUND4 Ltd.BigVoice41.2affected
SOUND4 Ltd.BigVoice21.30affected
SOUND4 Ltd.Stream1.1/2.4.29affected
Kantar MediaWM21.11affected

Weaknesses

  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References