Arbitrary PHP Code Execution Vulnerability in SolarView Compact SV-CPT-MC310 Ver.7.23 and Earlier

Arbitrary PHP Code Execution Vulnerability in SolarView Compact SV-CPT-MC310 Ver.7.23 and Earlier

CVE-2022-35239 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file.

Learn more about our Web Application Penetration Testing UK.