Platform
other
Component
sound4-impact-first-pulse-eco
Fixed in
2.0.1
1.16.1
1.2.1
1.30.1
1.1.1
1.11.1
CVE-2022-50694 describes a critical SQL injection vulnerability affecting SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.1 and prior. This flaw allows attackers to inject malicious SQL code through the 'username' parameter in the index.php file, potentially leading to unauthorized access to the database. The vulnerability was publicly disclosed on December 30, 2025, and mitigation strategies are available while a patch is being developed.
The SQL injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco poses a significant threat. Successful exploitation allows an attacker to bypass authentication mechanisms, effectively gaining unauthorized access to the application's database. This could lead to the exfiltration of sensitive data such as user credentials, configuration information, or proprietary business data. Furthermore, an attacker could potentially modify or delete data within the database, leading to data integrity issues and disruption of service. The impact is amplified by the potential for lateral movement within the network if the database contains credentials for other systems. This vulnerability shares similarities with other SQL injection attacks where attackers leverage database access to compromise entire systems.
CVE-2022-50694 is currently listed on the NVD and was publicly disclosed on December 30, 2025. The CVSS score of 9.8 indicates a critical severity. The availability of a public proof-of-concept is currently unknown, but the ease of exploitation associated with SQL injection vulnerabilities suggests a high probability of exploitation. Active campaigns targeting this vulnerability are not yet confirmed, but the critical severity warrants close monitoring.
Exploit Status
EPSS
0.08% (23% percentile)
CISA SSVC
CVSS Vector
Due to the critical nature of this vulnerability and the lack of a readily available patch, immediate mitigation steps are crucial. Implement strict input validation and sanitization on the 'username' parameter in index.php to prevent SQL injection attempts. Consider using a Web Application Firewall (WAF) with SQL injection protection rules to filter malicious requests. If feasible, restrict access to the database server to only authorized personnel and applications. Regularly review and update database user permissions. While awaiting a patch, carefully monitor database logs for suspicious activity. After implementing these mitigations, verify their effectiveness by attempting to reproduce the vulnerability using a safe testing environment.
Actualizar el software SOUND4 IMPACT/FIRST/PULSE/Eco a una versión posterior a la 2.x para corregir la vulnerabilidad de inyección SQL. Consultar al proveedor para obtener la última versión disponible y las instrucciones de actualización.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2022-50694 is a critical SQL injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.1 and earlier, allowing attackers to manipulate database queries through the 'username' parameter.
If you are using SOUND4 IMPACT/FIRST/PULSE/Eco version 2.1 or earlier, you are potentially affected by this vulnerability. Upgrade as soon as a patch is available.
While a patch is pending, implement input validation, WAF rules, and restrict database access. Monitor logs for suspicious activity.
Active exploitation is not yet confirmed, but the critical severity and ease of exploitation suggest a high probability of exploitation. Continuous monitoring is recommended.
Refer to the SOUND4 website and NVD for the latest information and advisories regarding CVE-2022-50694.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.