CVE-2024-58286

CRITICAL

dizqueTV 1.5.3 - Remote Code Execution via FFMPEG Executable Path

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-58286. PoCs published by Ahmed Said Saud Al-Busaidi.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in dizqueTV 1.5.3 by manipulating the FFMPEG Executable Path setting to execute arbitrary commands. The PoC shows how an attacker can inject commands to read system files like /etc/passwd.

Description

dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation.

Exploits (1)

exploitdb WORKING POC
by Ahmed Said Saud Al-Busaidi · textwebappsjsp
https://www.exploit-db.com/exploits/52079

This exploit demonstrates a command injection vulnerability in dizqueTV 1.5.3 by manipulating the FFMPEG Executable Path setting to execute arbitrary commands. The PoC shows how an attacker can inject commands to read system files like /etc/passwd.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: dizqueTV 1.5.3
Auth required
Prerequisites: Access to the dizqueTV web interface · Valid credentials to modify settings
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/52079
Various Sources product
https://github.com/vexorian/dizquetv

Scores

CVSS v4 9.3
EPSS 0.0052
EPSS Percentile 67.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-78
Status published
Products (1)
vexorian/dizqueTV 1.5.3
Published Dec 11, 2025
Tracked Since Feb 18, 2026