CVE-2022-29303
In short
SolarView Compact version 6.00 allows attackers to inject and execute arbitrary commands through the conf_mail.php file. This can give attackers complete control over the affected system.
Technical detail
A command injection vulnerability in conf_mail.php lets unauthenticated or low-privileged attackers execute arbitrary OS commands via unsanitized input parameters. It stems from insufficient input validation in the mail configuration functionality and results in remote code execution with system-level privileges.
Summary generated and translated by AI from the official description.
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found: 4
github: github.com/Chocapikk/CVE-2022-29303 (★ 3)
github: github.com/1f3lse/CVE-2022-29303 (★ 0)
cve_reference: packetstormsecurity.com/files/167183/SolarView-Compact-6.0-Command-Injection.html (unverified)
exploitdb: www.exploit-db.com/exploits/50940 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.