CVE Details
Basic Information
| Title | ICTBroadcast Unauthenticated Session Cookie Remote Code Execution |
|---|---|
| Type | cve |
| Published | 2025-08-05T15:00:32.531Z |
| Modified | 2025-08-05T15:00:32.531Z |
Product Information
| Vendor | ICT Innovations |
|---|---|
| Product | ICTBroadcast |
| Version | 0 |
CVSS Information
| Base Score | 9.3 (CRITICAL) |
|---|---|
| Vector String | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H |
AI Analysis
| AI Description | The ICTBroadcast application is vulnerable to remote code execution due to unsafe handling of session cookies. Attackers can inject shell commands, leading to server exploitation. Versions 7.4 and below are affected. |
|---|---|
| AI Severity | Critical |
| AI Vendor | ICT Innovations |
| AI Product | ICTBroadcast |
| AI Version | 7.4 and below |
Affected Products
- ICT Innovations ICTBroadcast 0
Additional Information
| CWE List | CWE-20 |
|---|---|
| Source | VulnCheck |
Description
The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that are then executed on the server. This results in unauthenticated remote code execution in the session handling.
Versions 7.4 and below are known to be vulnerable.