AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the....
7.5CVSS
7.6AI Score
0.027EPSS
An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority...
9.8CVSS
9.3AI Score
0.251EPSS
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login...
9.8CVSS
9.5AI Score
0.272EPSS
Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr...
5.4CVSS
5.2AI Score
0.001EPSS