SolarView Compact 6.00 - Directory Traversal

vendor:

SolarView Compact

by:

Ahmed Alroky

7.5

CVSS

HIGH

Directory Traversal

CWE

Product Name: SolarView Compact

Affected Version From: 6

Affected Version To: 6

Patch Exists: YES

Related CWE: CVE-2022-29298

CPE: a:contec:solarview_compact:6.00

Metasploit:

Other Scripts:

Tags: lfi,solarview,edb,cve,cve2022

CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Nuclei References: https://www.exploit-db.com/exploits/50950, https://drive.google.com/file/d/1-RHw9ekVidP8zc0xpbzBXnse2gSY1xbH/view, https://drive.google.com/file/d/1-RHw9ekVidP8zc0xpbzBXnse2gSY1xbH/view?usp=sharing, https://nvd.nist.gov/vuln/detail/CVE-2022-29298

Nuclei Metadata: {'max-request': 1, 'shodan-query': 'http.html:"SolarView Compact"', 'verified': True, 'vendor': 'contec', 'product': 'sv-cpt-mc310_firmware'}

Platforms Tested: Windows

2022

SolarView Compact 6.00 – Directory Traversal

SolarView Compact 6.00 is vulnerable to directory traversal. An attacker can exploit this vulnerability to read arbitrary files from the server by sending a specially crafted HTTP request. The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'file' parameter in 'downloader.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal sequences (e.g. '../') to the vulnerable script. Successful exploitation of this vulnerability may allow an attacker to read arbitrary files from the server.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to update to the latest version of SolarView Compact 6.00.

Source

SolarView Compact 6.00 – Directory Traversal

Mitigation:

Exploit-DB raw data: