PT-2022-22647 · Unknown · Solarview Compact Sv-Cpt-Mc310
Yngweijw · Published 2022-08-16 · Updated 2022-08-18 · CVE-2022-35239
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SolarView Compact SV-CPT-MC310 versions 7.23 and earlier
SolarView Compact SV-CPT-MC310F versions 7.23 and earlier
Description
The image file management page does not sufficiently verify uploaded files. A remote authenticated attacker can exploit this to execute arbitrary PHP code by uploading a specially crafted PHP file.
Recommendations
For SolarView Compact SV-CPT-MC310 versions 7.23 and earlier, restrict access to the image file management page until a fix is available.
For SolarView Compact SV-CPT-MC310F versions 7.23 and earlier, restrict access to the image file management page until a fix is available.
As a temporary workaround, consider disabling file uploads in the image file management page to prevent exploitation.
Fix
RCE
Affected Products
Solarview Compact Sv-Cpt-Mc310