CNNVD-202512-5063 Information
CNNVD ID
CNNVD-202512-5063
Related CVE
- CNNVD Published: 2025-12-30
Description (Chinese)
SOUND4 IMPACT等都是法国SOUND4公司的产品。SOUND4 IMPACT是一款专业广播音频处理器。SOUND4 FIRST是一款广播用的音频处理器。SOUND4 PULSE是一款音频处理器。 SOUND4多款产品存在SQL注入漏洞,该漏洞源于index.php中username POST参数未经验证,可能导致SQL注入攻击。以下产品受到影响:SOUND4 IMPACT、SOUND4 FIRST和SOUND4 PULSE。
Description (English)
SOUND4 IMPACT and others are products of SOUND4 in France. SOUND4 IMPACT is a professional broadcast audio processor. SOUND4 FIRST is an audio processor for a broadcast. SOUND4 PULTSE is an audio processor. More than SOUND4 products have an injection loophole in SQL, which stems from the unverified use of username POST parameters in index.php, which could lead to an SQL injection attack. The following products were affected: SOUND4 IMPACT, SOUND4 FIRST and SOUND4 PULTSE.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
Sound4
Published
2025-12-30
Last Modified
2026-02-24
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/247947 https://packetstormsecurity.com/files/170254/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-username-SQL-Injection.html https://www.sound4.com/ https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-sql-injection-via-username-parameter https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5727.php
Share on: