PT-2023-1590 · Unknown · Solarview Compact

Timorlover · Published 2023-02-06 · Updated 2025-06-03 · CVE-2023-23333

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SolarView Compact versions 6.00 and earlier

Description

SolarView Compact contains a command injection vulnerability in the downloader.php endpoint that allows attackers to bypass internal restrictions and execute commands. The cause is a lack of input data sanitization. A remote attacker can exploit the vulnerability to execute arbitrary commands.

Recommendations

For SolarView Compact versions 6.00 and earlier, consider disabling access to the downloader.php endpoint until a patch is available. Restricting input data to prevent command injection is also recommended. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
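One way to review web-server access logs for requests that reach downloader.php while access to the endpoint is being restricted, as an added example that is not part of the original advisory or of the vendor's code. It assumes common/combined log format; the parameter name `f` and all log lines are constructed.

```python
import re
from urllib.parse import unquote

ENDPOINT = "downloader.php"  # endpoint named in the advisory
# Request part of a common/combined access-log line (log format is an assumption).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" \d{3}')
# Characters a shell interprets; heuristic, none are expected in a download name.
SHELL_META = re.compile(r'[;&|`$<>(){}\\\n\r\x00]')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded input is still inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return None (other request), 'access' or 'suspicious' for one log line."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    path, _, query = m["target"].partition("?")
    if ENDPOINT not in fully_decode(path).lower():
        return None
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if SHELL_META.search(fully_decode(name)) or SHELL_META.search(fully_decode(value)):
            return "suspicious"
    return "access"

def scan(lines):
    """Return (client_ip, verdict) for every request that touched the endpoint."""
    findings = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            findings.append((REQUEST_RE.match(line)["ip"], verdict))
    return findings

# Constructed sample log lines; the parameter name "f" is hypothetical.
SAMPLE_LOG = [
    '198.51.100.4 - - [06/Feb/2023:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 812',
    '198.51.100.4 - - [06/Feb/2023:10:00:05 +0000] "GET /downloader.php?f=log_2023.zip HTTP/1.1" 200 4096',
    '203.0.113.9 - - [06/Feb/2023:10:02:11 +0000] "GET /downloader.php?f=a%3Bb HTTP/1.1" 200 17',
    '203.0.113.9 - - [06/Feb/2023:10:02:12 +0000] "GET /Downloader.php?f=a%257Cb HTTP/1.1" 200 17',
]
```

Once the endpoint is disabled as recommended, any `access` verdict also deserves review, since no legitimate client should still be reaching it.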

Exploit

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-01084
CVE-2023-23333

Affected Products

Solarview Compact