CVE-2023-53960

Published: Dic 22, 2025 Last Modified: Gen 16, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

CRITICAL 9,8

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious SQL code through the 'password' POST parameter to bypass authentication and potentially gain unauthorized access to the system.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0013

Percentile

0,3th

Updated

EPSS Score Trend (Last 84 Days)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability Authentication Access Control

Potential Impacts:

Execute Unauthorized Code Or Commands Read Application Data Gain Privileges Or Assume Identity Bypass Protection Mechanism Modify Application Data

Applicable Platforms

Languages: Not Language-Specific, SQL

Technologies: Database Server

Likelihood of Exploit: High

View CWE Details

Operating System

Wm2 Firmware by Sound4

Product Information

Vendor Sound4

Product Wm2 Firmware

Version 1.11

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:sound4:wm2_firmware:1.11:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Pulse Firmware by Sound4

Product Information

Vendor Sound4

Product Pulse Firmware

Version 2.15

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:sound4:pulse_firmware:2.15:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Impact Firmware by Sound4

Product Information

Vendor Sound4

Product Impact Firmware

Version 2.15

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:sound4:impact_firmware:2.15:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Big Voice2 Firmware by Sound4

Product Information

Vendor Sound4

Product Big Voice2 Firmware

Version 1.30

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:sound4:big_voice2_firmware:1.30:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Impact Firmware by Sound4

Product Information

Vendor Sound4

Product Impact Firmware

Version 1.69

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:sound4:impact_firmware:1.69:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Impact Eco Firmware by Sound4

Product Information

Vendor Sound4

Product Impact Eco Firmware

Version 1.16

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:sound4:impact_eco_firmware:1.16:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

First Firmware by Sound4

Product Information

Vendor Sound4

Product First Firmware

Version 1.69

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:sound4:first_firmware:1.69:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Pulse Eco Firmware by Sound4

Product Information

Vendor Sound4

Product Pulse Eco Firmware

Version 1.16

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:sound4:pulse_eco_firmware:1.16:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Big Voice4 Firmware by Sound4

Product Information

Vendor Sound4

Product Big Voice4 Firmware

Version 1.2

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:sound4:big_voice4_firmware:1.2:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Stream Extension by Sound4

Product Information

Vendor Sound4

Product Stream Extension

Version 2.4.29

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:sound4:stream_extension:2.4.29:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Pulse Firmware by Sound4

Product Information

Vendor Sound4

Product Pulse Firmware

Version 1.69

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:sound4:pulse_firmware:1.69:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

First Firmware by Sound4

Product Information

Vendor Sound4

Product First Firmware

Version 2.15

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:sound4:first_firmware:2.15:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5726…

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5726.php

https://web.archive.org/web/20221207074555/https://www.soun…

https://web.archive.org/web/20221207074555/https://www.sound4.com/

https://www.exploit-db.com/exploits/51171

https://www.vulncheck.com/advisories/sound-impactfirstpulse…

https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-sql-injection-…

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5726…

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5726.php

CVE-2023-53960

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 84 Days)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Common Consequences

Applicable Platforms

Wm2 Firmware by Sound4

Product Information

Pulse Firmware by Sound4

Product Information

Impact Firmware by Sound4

Product Information

Big Voice2 Firmware by Sound4

Product Information

Impact Firmware by Sound4

Product Information

Impact Eco Firmware by Sound4

Product Information

First Firmware by Sound4

Product Information

Pulse Eco Firmware by Sound4

Product Information

Big Voice4 Firmware by Sound4

Product Information

Stream Extension by Sound4

Product Information

Pulse Firmware by Sound4

Product Information

First Firmware by Sound4

Product Information

Iscriviti alla newsletter