CVE-2022-50694

🗓️ 30 Dec 2025 22:41:34Reported by VulnCheckType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 10 Views🌐 WEB

SQL injection in the username parameter of index.php on SOUND4 IMPACT/FIRST/PULSE/Eco 2.x allows authentication bypass.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2022-50694	31 Dec 202521:02	–	circl
CNNVD	SOUND4多款产品 SQL注入漏洞	30 Dec 202500:00	–	cnnvd
Cvelist	CVE-2022-50694 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x SQL Injection via Username Parameter	30 Dec 202522:41	–	cvelist
EUVD	EUVD-2022-55942	31 Dec 202500:31	–	euvd
NVD	CVE-2022-50694	30 Dec 202523:15	–	nvd
OSV	CVE-2022-50694	30 Dec 202523:15	–	osv
Positive Technologies	PT-2025-54232	30 Dec 202500:00	–	ptsecurity
Vulnrichment	CVE-2022-50694 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x SQL Injection via Username Parameter	30 Dec 202522:41	–	vulnrichment
Zero Science Lab	SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (username) Authentication Bypass	14 Dec 202200:00	–	zeroscience

NVD

Vulners

Node

sound4 impact_firmwareMatch2.15

AND

sound4 impactMatch2.0

Node

sound4 impact_firmwareMatch1.69

AND

sound4 impactMatch1.0

Node

sound4 pulse_firmwareMatch2.15

AND

sound4 pulseMatch2.0

Node

sound4 pulse_firmwareMatch1.69

AND

sound4 pulseMatch1.0

Node

sound4 first_firmwareMatch2.15

AND

sound4 firstMatch2.0

Node

sound4 first_firmwareMatch1.69

AND

sound4 firstMatch1.0

Node

sound4 impact_eco_firmwareMatch1.16

AND

sound4 impact_ecoMatch-

Node

sound4 pulse_eco_firmwareMatch1.16

AND

sound4 pulse_ecoMatch-

Node

sound4 big_voice4_firmwareMatch1.2

AND

sound4 big_voice4Match-

Node

sound4 big_voice2_firmwareMatch1.30

AND

sound4 big_voice2Match-

Node

sound4 wm2_firmwareMatch1.11

AND

sound4 wm2Match-

Node

sound4 stream_extensionMatch2.4.29

[
  {
    "vendor": "SOUND4 Ltd.",
    "product": "Impact/Pulse/First",
    "versions": [
      {
        "version": "Version 2: 1.1/2.15",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "SOUND4 Ltd.",
    "product": "Impact/Pulse Eco",
    "versions": [
      {
        "version": "1.16",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "SOUND4 Ltd.",
    "product": "BigVoice4",
    "versions": [
      {
        "version": "1.2",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "SOUND4 Ltd.",
    "product": "BigVoice2",
    "versions": [
      {
        "version": "1.30",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "SOUND4 Ltd.",
    "product": "Stream",
    "versions": [
      {
        "version": "1.1/2.4.29",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Kantar Media",
    "product": "WM2",
    "versions": [
      {
        "version": "1.11",
        "status": "affected"
      }
    ]
  }
]

Source	Link
zeroscience	www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5727.php
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/247947
packetstormsecurity	www.packetstormsecurity.com/files/170254/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-username-SQL-Injection.html
vulncheck	www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-sql-injection-via-username-parameter
sound4	www.sound4.com/

Parameter	Position	Path	Description	CWE
username	request body	/index.php	SQL injection vulnerability in the username parameter of index.php allowing authentication bypass by injecting arbitrary SQL.	CWE-89

17 Jun 2026 05:24Current

8High risk

Vulners AI Score8

CVSS 3.19.8

CVSS 48.8

EPSS0.00815

SSVC

CWE-89