CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. • https://gist.github.com/ATonysan/d6f72e9eb90407d64bed4566aa80afb1#file-cve-2023-46509 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 2

SolarView Compact < 6.00 is vulnerable to Directory Traversal. • https://github.com/Yobing1/CVE-2023-40924 https://github.com/Yobing1/CVE-2023-40924/blob/main/README.md https://nvd.nist.gov/vuln/detail/CVE-2023-33620 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.1 • EPSS: 35% • CPEs: 2 • EXPL: 1

SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted. • https://github.com/xiaosed/CVE-2023-29919 https://www.solarview.io • CWE-276: Incorrect Default Permissions

CVSS: 9.8 • EPSS: 96% • CPEs: 2 • EXPL: 6

There is a command injection vulnerability in SolarView Compact through 6.00; attackers can execute commands by bypassing internal restrictions through downloader.php. SolarView Compact version 6.00 suffers from a remote command injection vulnerability. • https://www.exploit-db.com/exploits/51886 https://github.com/emanueldosreis/nmap-CVE-2023-23333-exploit https://github.com/binaryusergearone/SolarView-Compact-6.00-Command-Injection-Exploit-CVE-2023-23333- https://github.com/Mr-xn/CVE-2023-23333 https://github.com/Timorlover/CVE-2023-23333 http://packetstormsecurity.com/files/174537/SolarView-Compact-6.00-Remote-Command-Execution.html https://attackerkb.com/topics/kE3lzTZGV2/cve-2023-23333 https://raw.githubusercontent.com/rapid7/metasploit-framework/ • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php. • https://github.com/strik3r0x1/Vulns/blob/main/SolarView%20Compact%20XSS%20up%20to%207.0.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')