SolarView Compact
by SolarView
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-23333 | Cri | 0.75 | 9.8 | 0.99 | Feb 6, 2023 | There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php. | ||
| CVE-2022-40881 | Cri | 0.66 | 9.8 | 0.29 | Nov 17, 2022 | SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php | ||
| CVE-2023-29919 | Cri | 0.64 | 9.1 | 0.60 | May 23, 2023 | SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted. | ||
| CVE-2022-44354 | Cri | 0.64 | 9.8 | 0.02 | Nov 29, 2022 | SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file. | ||
| CVE-2022-31374 | Cri | 0.64 | 9.8 | 0.03 | Jun 21, 2022 | An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file. | ||
| CVE-2022-44355 | Med | 0.40 | 6.1 | 0.02 | Nov 29, 2022 | SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php. | ||
| CVE-2022-29302 | Med | 0.36 | 5.5 | 0.00 | May 12, 2022 | SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php. | ||
| CVE-2023-27920 | Med | 0.28 | 4.3 | 0.02 | May 23, 2023 | Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product. |
- risk 0.75cvss 9.8epss 0.99
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.
- risk 0.66cvss 9.8epss 0.29
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php
- risk 0.64cvss 9.1epss 0.60
SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted.
- risk 0.64cvss 9.8epss 0.02
SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.
- risk 0.64cvss 9.8epss 0.03
An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file.
- risk 0.40cvss 6.1epss 0.02
SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php.
- risk 0.36cvss 5.5epss 0.00
SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php.
- risk 0.28cvss 4.3epss 0.02
Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product.