CNNVD-202512-4266 Information

CNNVD ID

CNNVD-202512-4266

Related CVE

CVE-2019-25243

• CNNVD Published: 2025-12-24

Description (Chinese)

iWT FaceSentry Access Control System是iWT开源的一个应用软件。提供一个访问控制功能。 iWT FaceSentry Access Control System 6.4.8版本存在安全漏洞，该漏洞源于pingTest.php和tcpPortTest.php脚本存在经过身份验证的远程命令注入，可能导致执行任意shell命令。

Description (English)

iWT FaceSentry Access Control System is an iWT open source application. Provides a access control function. iWT FaceSentry Access Control System version 6.4.8 has a security loophole, which originates from the presence of a remotely authenticated command in pingTest.php and tcpPortTest.php script, which may result in the execution of an arbitrary shell command.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

iWT

Published

2025-12-24

Last Modified

2026-02-24

References

http://www.iwt.com.hk https://www.exploit-db.com/exploits/47064 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5523.php