2025-12-22 21:37:17
VulnCheck
PUBLISHED
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the password parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the password POST parameter to execute commands with web server privileges.