CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46509
https://notcve.org/view.php?id=CVE-2023-46509
An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. Un problema en Contec SolarView Compact v.6.0 y anteriores permite a un atacante ejecutar código arbitrario a través del componente texteditor.php. • https://gist.github.com/ATonysan/d6f72e9eb90407d64bed4566aa80afb1#file-cve-2023-46509 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 34%CPEs: 2EXPL: 1CVE-2023-29919
https://notcve.org/view.php?id=CVE-2023-29919
SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted. • https://github.com/xiaosed/CVE-2023-29919 https://www.solarview.io • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 96%CPEs: 2EXPL: 5CVE-2023-23333 – SolarView Compact 6.00 - Command Injection
https://notcve.org/view.php?id=CVE-2023-23333
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php. SolarView Compact version 6.00 suffers from a remote command injection vulnerability. • https://www.exploit-db.com/exploits/51886 https://github.com/emanueldosreis/nmap-CVE-2023-23333-exploit https://github.com/binaryusergearone/SolarView-Compact-6.00-Command-Injection-Exploit-CVE-2023-23333- https://github.com/Mr-xn/CVE-2023-23333 https://github.com/Timorlover/CVE-2023-23333 http://packetstormsecurity.com/files/174537/SolarView-Compact-6.00-Remote-Command-Execution.html https://attackerkb.com/topics/kE3lzTZGV2/cve-2023-23333 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 95%CPEs: 2EXPL: 2CVE-2022-40881
https://notcve.org/view.php?id=CVE-2022-40881
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php Se descubrió que SolarView Compact 6.00 contiene una vulnerabilidad de inyección de comandos a través de network_test.php • https://github.com/yilin1203/CVE-2022-40881 https://github.com/Timorlover/SolarView_Compact_6.0_rce_via_network_test.php • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •