Lucene search

[email protected]NVD:CVE-2023-23333

HistoryFeb 06, 2023 - 10:15 p.m.

CVE-2023-23333

2023-02-0622:15:09

CWE-77

[email protected]

web.nvd.nist.gov

command injection

solarview compact

downloader.php

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.963 High

EPSS

Percentile

99.6%

JSON

There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.

Affected configurations

NVD

Node

contecsolarview_compact_firmwareRange≤6.00

AND

contecsolarview_compactMatch-

References

packetstormsecurity.com/files/174537/SolarView-Compact-6.00-Remote-Command-Execution.html

github.com/Timorlover/CVE-2023-23333

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.963 High

EPSS

Percentile

99.6%

JSON

Related for NVD:CVE-2023-23333

githubexploit5 zdt2 metasploit1 packetstorm2 cvelist1 cve1 prion1 nuclei1 exploitdb1 rapid7blog1