Local File Inclusion Vulnerability in Eaton Intelligent Power Manager v1.6 via server/node_upgrade_srv.js Directory Traversal
CVE-2018-12031 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.
Learn more about our Cis Benchmark Audit For Server Software.