CVE-2023-53960

critical

Description

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious SQL code through the 'password' POST parameter to bypass authentication and potentially gain unauthorized access to the system.

References

https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-sql-injection-via-authentication-bypass

https://www.exploit-db.com/exploits/51171

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5726.php

https://web.archive.org/web/20221207074555/https://www.sound4.com/

Details

Source: Mitre, NVD

Published: 2025-12-22

Updated: 2026-01-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Severity: Critical

EPSS

EPSS: 0.00087