CVE-2023-46509
https://notcve.org/view.php?id=CVE-2023-46509
An issue in Contec SolarView Compact v.6.0 and earlier allows an attacker to execute arbitrary code via the texteditor.php component. • https://gist.github.com/ATonysan/d6f72e9eb90407d64bed4566aa80afb1#file-cve-2023-46509 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-40924
https://notcve.org/view.php?id=CVE-2023-40924
SolarView Compact < 6.00 is vulnerable to Directory Traversal. • https://github.com/Yobing1/CVE-2023-40924 https://github.com/Yobing1/CVE-2023-40924/blob/main/README.md https://nvd.nist.gov/vuln/detail/CVE-2023-33620 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-29919
https://notcve.org/view.php?id=CVE-2023-29919
SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted. • https://github.com/xiaosed/CVE-2023-29919 https://www.solarview.io • CWE-276: Incorrect Default Permissions
CVE-2023-23333 – SolarView Compact 6.00 - Command Injection
https://notcve.org/view.php?id=CVE-2023-23333
There is a command injection vulnerability in SolarView Compact through 6.00; attackers can execute commands by bypassing internal restrictions through downloader.php. SolarView Compact version 6.00 suffers from a remote command injection vulnerability. • https://www.exploit-db.com/exploits/51886 https://github.com/emanueldosreis/nmap-CVE-2023-23333-exploit https://github.com/binaryusergearone/SolarView-Compact-6.00-Command-Injection-Exploit-CVE-2023-23333- https://github.com/Mr-xn/CVE-2023-23333 https://github.com/Timorlover/CVE-2023-23333 http://packetstormsecurity.com/files/174537/SolarView-Compact-6.00-Remote-Command-Execution.html https://attackerkb.com/topics/kE3lzTZGV2/cve-2023-23333 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-44354
https://notcve.org/view.php?id=CVE-2022-44354
SolarView Compact 4.0 and 5.0 are vulnerable to Unrestricted File Upload via a crafted php file. • https://github.com/strik3r0x1/Vulns/blob/main/Unrestricted%20File%20Upload_%20SolarView%20Compact%204.0%2C5.0.md • CWE-434: Unrestricted Upload of File with Dangerous Type