7 matches found
CVE-2023-23333
SolarView Compact 6.00 is affected by an OS command injection via downloader.php, allowing remote code execution. The vulnerability arises from an insecure file parameter in downloader.php that can bypass internal restrictions. Public exploit templates (including Metasploit module) describe obtai...
CVE-2022-40881
CVE-2022-40881 affects SolarView Compact 6.00 (CONTEC) with a remote command-injection via the web server page network_test.php. Multiple connected sources confirm an OS command injection vulnerability on the product’s web interface (CWE-78) that allows an attacker to execute arbitrary commands o...
CVE-2023-29919
SolarView Compact
CVE-2023-40924
SolarView Compact versions prior to 6.00 are vulnerable to a Directory Traversal flaw. Affected product is SolarView Compact (Contec) with version
CVE-2022-44354
CVE-2022-44354 affects SolarView Compact 4.0–5.0. The connected documents describe an Unrestricted File Upload vulnerability caused by insufficient validation of uploaded files in these versions, allowing a crafted PHP file to be uploaded. The consequence is high impact (confidentiality, integrit...
CVE-2022-44355
SolarView Compact 7.0 is affected by a Cross-site Scripting (XSS) vulnerability in the web server page /network_test.php. The issue (CVE-2022-44355) affects the Check Network Communication page and can lead to arbitrary script execution in a logged-in user’s browser. Root cause: XSS in the web in...
CVE-2023-46509
CVE-2023-46509 affects Contec SolarView Compact 6.0 and earlier. The vulnerability is in the texteditor.php component due to incorrect code-generation management, enabling a remote attacker to execute arbitrary code. Impact is reported as arbitrary code execution; no exploit details are provided ...