PT-2019-19360 · Saet Impianti Speciali · Saet Impianti Speciali Tebe Small
Published: 2019-05-31 · Updated: 2019-06-03 · CVE-2019-9106
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SAET Impianti Speciali TEBE Small version 05.01 build 1137
Description
The issue allows remote attackers to execute or include local .php files. This can be demonstrated by accessing the /menu=php://filter/convert.base64-encode/resource=index.php endpoint to read index.php.
Recommendations
For SAET Impianti Speciali TEBE Small version 05.01 build 1137, consider restricting access to the menu parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Saet Impianti Speciali Tebe Small
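Since the Recommendations name no fixed version, requests that abuse the menu parameter can at least be found in web access logs. The following is an added example, not vendor or advisory code: it flags menu values carrying a stream wrapper or traversal sequence, and reports anything outside an allowlist. The combined log format, the allowlist pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Stream-wrapper schemes, traversal sequences and NUL bytes never belong in a menu name.
SUSPICIOUS = re.compile(r"(?:php|file|data|phar|zip|expect|glob)\s*:|\.\.[/\\]|\x00", re.I)
# Assumption: legitimate menu values are short alphanumeric names.
ALLOWED = re.compile(r"[A-Za-z0-9_-]{1,32}")
# menu=<value> in a query string or directly in the path, as in the request on this page.
MENU = re.compile(r"[/?&]menu=([^&\s]*)", re.I)

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so nested encodings are normalised before matching."""
    for _ in range(max_rounds):
        if (decoded := unquote(value)) == value:
            break
        value = decoded
    return value

def classify(request_target):
    """Return 'no-menu', 'ok', 'suspicious' or 'unexpected' for one request target."""
    m = MENU.search(request_target)
    if not m:
        return "no-menu"
    value = fully_decode(m.group(1))
    if SUSPICIOUS.search(value):
        return "suspicious"
    return "ok" if ALLOWED.fullmatch(value) else "unexpected"

def scan(log_lines):
    """Yield (client, verdict, target) for every menu request that is not 'ok'."""
    for line in log_lines:
        parts = line.split('"')
        if len(parts) < 3 or len(parts[1].split()) < 2:
            continue  # not a parseable request line
        target = parts[1].split()[1]
        verdict = classify(target)
        if verdict in ("suspicious", "unexpected"):
            yield line.split()[0], verdict, target

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Jun/2019:10:00:00 +0000] "GET /?menu=home HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2019:10:00:05 +0000] "GET /menu=php://filter/convert.base64-encode/resource=index.php HTTP/1.1" 200 9000',
    '198.51.100.7 - - [01/Jun/2019:10:00:09 +0000] "GET /?menu=php%3A%2F%2Ffilter HTTP/1.1" 200 9000',
    '203.0.113.4 - - [01/Jun/2019:10:01:00 +0000] "GET /?menu=a.b HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

The same `classify` check can back a reverse-proxy rule that rejects non-allowlisted menu values before they reach the device.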