Timorlover

**Name of the Vulnerable Software and Affected Versions** SolarView Compact versions 6.00 and earlier **Description** The issue is related to a command injection vulnerability, which allows attackers to execute commands by bypassing internal restrictions through the `downloader.php` endpoint. This is due to the lack of input data sanitization measures. The vulnerability can be exploited by a remote attacker to execute arbitrary commands. **Recommendations** For SolarView Compact versions 6.00 and earlier, consider disabling access to the `downloader.php` endpoint until a patch is available. Restricting input data to prevent command injection is also recommended. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SolarView Compact version 6.00 **Description** A command injection issue was discovered via the network test.php file. **Recommendations** For SolarView Compact version 6.00, as a temporary workaround, consider restricting access to the network test.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.