CNNVD-202512-5061 Information
CNNVD ID
CNNVD-202512-5061
Related CVE
- CNNVD Published: 2025-12-30
Description (Chinese)
SOUND4 IMPACT等都是法国SOUND4公司的产品。SOUND4 IMPACT是一款专业广播音频处理器。SOUND4 FIRST是一款广播用的音频处理器。SOUND4 PULSE是一款音频处理器。 SOUND4多款产品存在操作系统命令注入漏洞,该漏洞源于dns.php脚本对/tmp目录中文件处理不当,可能导致命令注入。以下产品及版本受到影响:SOUND4 IMPACT/FIRST/PULSE/Eco 2.x及之前版本。
Description (English)
SOUND4 IMPACT and others are products of SOUND4 in France. SOUND4 IMPACT is a professional broadcast audio processor. SOUND4 FIRST is an audio processor for a broadcast. SOUND4 PULTSE is an audio processor. More than SOUND4 products have an operational system command leak, which arises from the inappropriate handling of documents in dns.php scripts/tmp directories, which may lead to the injection of orders. The following product and version were affected: SOUND4 IMPACT/FIRT/PULSE/Eco 2.x and earlier.
Hazard Level
Medium
Vulnerability Type
操作系统命令注入
Affected Vendor
Sound4
Published
2025-12-30
Last Modified
2026-02-24
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/247922 https://packetstormsecurity.com/files/170260/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-dns.php-Command-Injection.html https://www.sound4.com/ https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-conditional-command-injection-via-dnsphp https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5733.php
Share on: