PT-2023-22476 · Unknown · Solarview Compact
Xiaosed
·
Published
2023-05-20
·
Updated
2025-06-03
·
CVE-2023-29919
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SolarView Compact versions 6.0 and earlier
Description
The issue allows any file on the server to be read or modified due to insecure permissions. This is because the
texteditor.php file is not restricted, leading to potential unauthorized access and modification of files.Recommendations
For SolarView Compact versions 6.0 and earlier, restrict access to the
texteditor.php file to prevent unauthorized reading or modification of files on the server.Exploit
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Solarview Compact