dizqueTV Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability exists in dizqueTV version 1.5.3. This issue allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. By exploiting inadequate input validation, attackers can alter the executable path to include shell commands that read system files, such as /etc/passwd.
Impact
Exploitation of this vulnerability allows for unauthorized remote code execution on the server where dizqueTV is running.
Reproduction
To reproduce this vulnerability, navigate to the FFMPEG Executable Path settings in dizqueTV 1.5.3. Inject a command, such as one that reads the /etc/passwd file, into the executable path. After updating the settings, the injected command will be executed, and the contents of the specified file will be displayed.
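A mitigation sketch for this class of bug, as an added example that is not dizqueTV's code or the project's fix: treat the configured value strictly as a file path, validate it, and launch it without a shell. The function names validateExecutablePath and runValidated and the allowed file-name list are assumptions made for illustration.

```javascript
// Added example, not dizqueTV code: validate a configured executable path,
// then run it without a shell.
const fs = require('fs');
const path = require('path');
const { execFileSync } = require('child_process');

// Assumption: only these file names are acceptable for the setting.
const FFMPEG_NAMES = new Set(['ffmpeg', 'ffmpeg.exe']);

function validateExecutablePath(candidate, allowedNames = FFMPEG_NAMES) {
  if (typeof candidate !== 'string' || candidate.length === 0) {
    return { ok: false, reason: 'empty or non-string value' };
  }
  if (/[\0\r\n]/.test(candidate)) {
    return { ok: false, reason: 'control character in path' };
  }
  if (!path.isAbsolute(candidate)) {
    return { ok: false, reason: 'not an absolute path' };
  }
  // Anything appended after the binary name changes the basename.
  if (!allowedNames.has(path.basename(candidate))) {
    return { ok: false, reason: 'unexpected file name' };
  }
  let stat;
  try {
    stat = fs.statSync(candidate);
  } catch (err) {
    return { ok: false, reason: 'file does not exist' };
  }
  if (!stat.isFile()) {
    return { ok: false, reason: 'not a regular file' };
  }
  try {
    fs.accessSync(candidate, fs.constants.X_OK);
  } catch (err) {
    return { ok: false, reason: 'not executable' };
  }
  return { ok: true, reason: 'ok' };
}

function runValidated(configuredPath, args, allowedNames = FFMPEG_NAMES) {
  const check = validateExecutablePath(configuredPath, allowedNames);
  if (!check.ok) {
    throw new Error(`rejected executable path: ${check.reason}`);
  }
  // execFileSync takes an argument array and starts no shell, so the
  // configured value is only ever used as a file name.
  return execFileSync(configuredPath, args, { encoding: 'utf8', timeout: 5000 });
}
```

Validation should run both when the setting is saved and again immediately before each launch, since the stored value or the file on disk can change in between.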
