PT-2023-6758 · Contec · Contec Solarview Compact

Atonysan

Publicado

2023-10-27

Atualizado

2024-09-12

CVE-2023-46509

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Contec SolarView Compact versions 6.0 and earlier

Description The issue is related to incorrect code generation management in the texteditor.php component of the Contec SolarView Compact software, which can allow an attacker to execute arbitrary code. This can be exploited by a remote attacker. The texteditor.php component is specifically mentioned as the vulnerable part of the software.

Recommendations For Contec SolarView Compact versions 6.0 and earlier, consider disabling the texteditor.php component as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

BDU:2023-07549

CVE-2023-46509

Produtos afetados

Contec Solarview Compact

PT-2023-6758 · Contec · Contec Solarview Compact

CVE-2023-46509

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7