Name of the Vulnerable Software and Affected Versions Solar-log (affected versions not specified)

Description The issue is related to errors in the code of the web server component used by default in the Solar-log photoelectric system. This allows an attacker to upload files to arbitrary paths, including system files, without authentication or by using a fixed solarlog:solarlog account. The issue can lead to the execution of arbitrary code and/or denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.