关键信息 Advisory ID: ZSL-2022-5730 Vulnerability Type: Directory Traversal File Write Impact: - Exposure of System Information - Exposure of Sensitive Information Risk: 5/5 Release Date: 14.12.2022 Summary: 输入传递给未正确验证的'upgrade.php'脚本中的'filename' POST参数,导致任意位置写入文件。 Vendor: SOUND4 Ltd. - https://www.sound4.com Affected Version: - FM/HD Radio Processing: Impact/Pulse/First (Version 2: 1.1/2.15), Impact/Pulse/First (Version 1: 2.1/1.69), Impact/Pulse Eco 1.16 - Voice Processing: BigVoice4 1.2, BigVoice2 1.30 - Web-Audio Streaming: Stream 1.1/2.4.29 - Watermarking: WM2 (Kantar Media) 1.11 Tested On: - Apache/2.4.25 (Unix) - OpenSSL/1.0.2k - PHP/7.1.1 - GNU/Linux 5.10.43 (armv7l) - GNU/Linux 4.9.228 (armv7l) Vendor Status: - [26.09.2022] 漏洞发现 - [30.09.2022] 联系厂商 - [13.12.2022] 厂商无响应 - [14.12.2022] 发布公共安全公告 PoC: sound4_traversal.txt Credits: 漏洞由Gjoko Krstic发现 - gjoko@zeroscience.mk References: - [1]: https://packetstormsecurity.com/files/170257/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Directory-Traversal-File-Write.html - [2]: https://exchange.xforce.ibmcloud.com/vulnerabilities/247919 - [3]: https://www.exploit-db.com/exploits/51172 - [4]: https://www.cve.org/CVERecord?id=CVE-2023-53962 - [5]: https://www.vulncheck.com/advisories/sound-impactfirstpulseecox-unauthenticated-directory-traversal-file-write Changelog: - [14.12.2022]: 初始发布 - [28.12.2022]: 添加参考[1] - [20.04.2023]: 添加参考[2]和[3] - [24.12.2025]: 添加参考[4]和[5]