Eaton Intelligent Power Manager (IPM) before 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s maps_srv.js allows an malicious user to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious code or execute any command using a specially crafted packet to exploit the vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|