CVE-2023-23333

Published: 06/02/2023 Updated: 06/09/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

There is a command injection vulnerability in SolarView Compact up to and including 6.00. Attackers can execute commands by bypassing internal restrictions through downloader.php.

Vulnerable Product

contec solarview_compact_firmware

Vendor Advisories

Check Point Reference: CPAI-2023-1601 | Date Published: 25 Mar 2024 | Severity: Critical ...

Exploits

SolarView Compact version 6.00 suffers from a remote command injection vulnerability ...
This Metasploit module exploits a command injection vulnerability on the SolarView Compact version 6.00 web application via the vulnerable endpoint downloader.php. After exploitation, an attacker will have full access with the same user privileges under which the webserver is running (typically as user contec) ...

Github Repositories

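Some exploits I wrote myself

exp-collect: Some exploits I wrote myself. Vulnerability exploit list: Contec SolarView Compact remote command execution (CVE-2023-23333); Chamilo command execution vulnerability (cve-2023-34960); nginxwebui command execution vulnerability; panabit-ixcache back-end command execution vulnerability; sslvpn_client_rce (multi-vendor devices) RCE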

Nmap NSE script to dump / test Solarwinds CVE-2023-23333 vulnerability

nmap-CVE-2023-23333-exploit: Nmap NSE script to dump /etc/passwd from remote system using Solarwinds CVE-2023-23333 vulnerability. Save the script into a file named solar-CVE-2023-23333.nse. To run the script, you can use Nmap's --script-args option to provide the output file path: nmap -p --script solar-CVE-2023-23333.nse --script-args outputfile=/path/to/output.txt CISA

SolarView Compact through 6.00 downloader.php commands injection (RCE) nuclei-templates

CVE-2023-23333: SolarView Compact through 6.00 downloader.php commands injection (RCE) nuclei-templates Burp Nuclei

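PoC written with Pocsuite3

POC-Pocsuite3: For personal use, written with Pocsuite3; further updates will come as time permits. 2024 • Jinhe OA unauthorized information disclosure 2023 • Hikvision iVMS integrated security system arbitrary file upload vulnerability • SolarView_CVE-2023-23333 • Confluence unauthorized administrator user addition_CVE-2023-22515 Apache • Apache_Struts2_001 • Apache_Struts2_016 • Apache_Struts2_017 • Apache_Struts2_01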