Local File Inclusion Vulnerability in Eaton Intelligent Power Manager v1.6 via server/node_upgrade_srv.js Directory Traversal

Local File Inclusion Vulnerability in Eaton Intelligent Power Manager v1.6 via server/node_upgrade_srv.js Directory Traversal

CVE-2018-12031 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.

Learn more about our Cis Benchmark Audit For Server Software.