FKIE_CVE-2022-50694

Vulnerability from fkie_nvd - Published: 2025-12-30 23:15 - Updated: 2026-01-16 19:16
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access unauthorized database information.
References
disclosure@vulncheck.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/247947Third Party Advisory
disclosure@vulncheck.comhttps://packetstormsecurity.com/files/170254/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-username-SQL-Injection.htmlExploit, Third Party Advisory, VDB Entry
disclosure@vulncheck.comhttps://www.sound4.com/Product
disclosure@vulncheck.comhttps://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-sql-injection-via-username-parameterThird Party Advisory
disclosure@vulncheck.comhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5727.phpExploit, Third Party Advisory
Impacted products
Vendor Product Version
sound4 impact_firmware 2.15
sound4 impact 2.0
sound4 impact_firmware 1.69
sound4 impact 1.0
sound4 pulse_firmware 2.15
sound4 pulse 2.0
sound4 pulse_firmware 1.69
sound4 pulse 1.0
sound4 first_firmware 2.15
sound4 first 2.0
sound4 first_firmware 1.69
sound4 first 1.0
sound4 impact_eco_firmware 1.16
sound4 impact_eco -
sound4 pulse_eco_firmware 1.16
sound4 pulse_eco -
sound4 big_voice4_firmware 1.2
sound4 big_voice4 -
sound4 big_voice2_firmware 1.30
sound4 big_voice2 -
sound4 wm2_firmware 1.11
sound4 wm2 -
sound4 stream_extension 2.4.29
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:impact_firmware:2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C347FE-DA7B-4137-87B8-E6A8AF4D307F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:impact:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A735654-A166-4B56-BF4D-F165B7E11043",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:impact_firmware:1.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C4CF02A-8CF1-46FF-9EC0-FF779D60B6EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:impact:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9BD81B-573A-4DA7-AC47-6C8AF1B6B18F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:pulse_firmware:2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "18E34118-F11B-4BF2-BE23-7DAE0A6790FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:pulse:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C46BF88C-955C-4F9E-B782-1EADA068F19D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:pulse_firmware:1.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0699DEA-9CDA-4BB4-8FA3-6A6FADE1A61E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:pulse:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "051868AE-E364-4CB3-B927-42B4E0C19D01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:first_firmware:2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDECDEC-C5A2-4B0D-B3E0-58CCCC804BCF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:first:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF10967-A7DC-4DF0-94BE-935FFC1888D6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:first_firmware:1.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "713CC97E-CC0A-41B8-B8CA-EAD8F774F77C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:first:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4034A51-85E1-44E7-973B-7BFFFB083832",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:impact_eco_firmware:1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED99BE5-4598-4D5C-B0F0-3BE6E5B05C10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:impact_eco:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4B0A611-C50E-4397-ACDF-8D090D4AFC88",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:pulse_eco_firmware:1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A3C132F-ACCE-4618-8EC2-31624571F0BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:pulse_eco:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71E155FD-162E-4EA9-9BD9-89384B3AD175",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:big_voice4_firmware:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF4C955-E4AF-4A3A-89F9-481CE5DB7BF1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:big_voice4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "404A1397-CD88-4CB5-99B9-B84F3359E13F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:big_voice2_firmware:1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "45230C2E-D043-45F5-869F-FEB0A3AEB5DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:big_voice2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C68C1DC-EC1C-445B-B78C-6E4B64BB5DB0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:wm2_firmware:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "05D5318D-BD08-4D8E-9D94-4D0FD0C0023E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:wm2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED8E14DD-2C04-4080-AAE9-6D770436AC6C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sound4:stream_extension:2.4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFFD1447-69A1-4FA0-B285-6F16D9113558",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SOUND4 IMPACT/FIRST/PULSE/Eco \u003c=2.x contains an SQL injection vulnerability in the \u0027username\u0027 POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access unauthorized database information."
    },
    {
      "lang": "es",
      "value": "SOUND4 IMPACT/FIRST/PULSE/Eco \u0026lt;=2.x contiene una vulnerabilidad de inyecci\u00f3n SQL en el par\u00e1metro POST \u0027username\u0027 de index.php que permite a los atacantes manipular consultas de base de datos. Los atacantes pueden inyectar c\u00f3digo SQL arbitrario a trav\u00e9s del par\u00e1metro \u0027username\u0027 para eludir la autenticaci\u00f3n y potencialmente acceder a informaci\u00f3n no autorizada de la base de datos."
    }
  ],
  "id": "CVE-2022-50694",
  "lastModified": "2026-01-16T19:16:10.677",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "disclosure@vulncheck.com",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-30T23:15:44.723",
  "references": [
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247947"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/170254/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-username-SQL-Injection.html"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Product"
      ],
      "url": "https://www.sound4.com/"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-sql-injection-via-username-parameter"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5727.php"
    }
  ],
  "sourceIdentifier": "disclosure@vulncheck.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "disclosure@vulncheck.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.