Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-50793 | 1 Sound4 | 17 Big Voice2, Big Voice2 Firmware, Big Voice4 and 14 more | 2026-01-13 | N/A | 8.8 HIGH |
| SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' parameter values to execute arbitrary system commands with www-data user privileges. | |||||
| CVE-2022-50794 | 1 Sound4 | 17 Big Voice2, Big Voice2 Firmware, Big Voice4 and 14 more | 2026-01-13 | N/A | 9.8 CRITICAL |
| SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system commands. | |||||