2 matches found
Omnia MPX 1.5.0+r1 - Local File Inclusion
Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel. id: CVE-2022-36642 info: name: Omnia MPX 1.5.0+r1 - Local Fi...
CVE-2022-36642
Telos Alliance Omnia MPX Node is affected by CVE-2022-36642 via a local file inclusion path involving /appConfig/userDB.json. The Nuclei template for Omnia MPX 1.5.0+r1 documents LFI through logs/downloadMainLog, enabling an attacker to read userDB.json, retrieve cleartext credentials, and escala...