Summary:

There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php

Vendor:

SolarView Compact

Affected Product:

SolarView Compact <=ver 6.00

poc:

http://example.com/texteditor.php

Details:

You can fill in the location of the file you want to read by visiting the texteditor.php page