VYPR

SolarView Compact

by SolarView

CVEs (8)

  • CVE-2023-23333CriFeb 6, 2023
    risk 0.75cvss 9.8epss 0.99

    There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.

  • CVE-2022-40881CriNov 17, 2022
    risk 0.66cvss 9.8epss 0.29

    SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php

  • CVE-2023-29919CriMay 23, 2023
    risk 0.64cvss 9.1epss 0.60

    SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted.

  • CVE-2022-44354CriNov 29, 2022
    risk 0.64cvss 9.8epss 0.02

    SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.

  • CVE-2022-31374CriJun 21, 2022
    risk 0.64cvss 9.8epss 0.03

    An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file.

  • CVE-2022-44355MedNov 29, 2022
    risk 0.40cvss 6.1epss 0.02

    SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php.

  • CVE-2022-29302MedMay 12, 2022
    risk 0.36cvss 5.5epss 0.00

    SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php.

  • CVE-2023-27920MedMay 23, 2023
    risk 0.28cvss 4.3epss 0.02

    Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product.