CVE-2023-53963
- Source
- https://cve.org/CVERecord?id=CVE-2023-53963
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53963.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-53963
- Published
- 2025-12-22T22:16:00.693Z
- Modified
- 2026-03-14T12:16:55.884433Z
- Severity
-
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the 'password' POST parameter to execute commands with web server privileges.
- References
Affected packages
Git /
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53963.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.69"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.69"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.69"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.16"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.16"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.30"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.4.29"
}
]
}
]