15 matches found
ICTBroadcast - Command Injection
The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are know...
📄 ICTBroadcast 7.0 Remote Code Execution
A vulnerability in ICTBroadcast version 7.0 allows unauthenticated remote command execution due to improper handling of session cookie values. An attacker can modify cookie entries to inject system commands that the application unintentionally executes...
Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access
Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-2611 CVSS score: 9.3, relates to improper input...
VulnCheck KEV: CVE-2025-2611
The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are know...
Metasploit Wrap-Up 08/08/25
New module content 4 ICTBroadcast Unauthenticated Remote Code Execution Author: Valentin Lobstein Type: Exploit Pull request: 20446 contributed by Chocapikk Path: linux/http/ictbroadcastunauthcookie AttackerKB reference: CVE-2025-2611 Description: This adds a new module for CVE-2025-2611 -...
CVE-2025-2611
The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are know...
ICTBroadcast Unauthenticated Remote Code Execution
This module exploits an unauthenticated remote code execution RCE vulnerability in ICTBroadcast. The vulnerability exists in the way session cookies are handled and processed, allowing an attacker to inject arbitrary system commands. Module Options msf use...
CVE-2025-2611
The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are know...
CVE-2025-2611 ICTBroadcast <= 7.4 Unauthenticated Session Cookie RCE
The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are know...
EUVD-2025-23629
The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are know...
CVE-2025-2611 ICTBroadcast <= 7.4 Unauthenticated Session Cookie RCE
The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are know...
CVE-2025-2611
ICTBroadcast
ICT Innovations ICTBroadcast 安全漏洞
ICT Innovations ICTBroadcast is a web-based automated calling and communication platform from ICT Innovations Pakistan. A security vulnerability exists in ICTBroadcast 7.4 and prior versions that stems from not properly handling session cookie data, which could lead to remote command execution...
📄 ICTBroadcast Unauthenticated Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution RCE vulnerability in ICTBroadcast. The vulnerability exists in the way session cookies are handled and processed, allowing an attacker to inject arbitrary system commands. This module requires Metasploit:...
PT-2025-31937
Name of the Vulnerable Software and Affected Versions ICTBroadcast versions 7.4 and below Description The ICTBroadcast application improperly handles session cookie data, passing it to shell processing. This allows an attacker to inject shell commands into a session cookie, leading to...