CVE-2022-31374 — Unrestricted File Upload in Sv-cpt-mc310 Firmware

CWE-434 — Unrestricted File Upload4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

1.4%

top 19.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Contec Sv-cpt-mc310 Firmware

Timeline

PublishedJun 21

Latest updateJun 22

Description

An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDcontec/sv-cpt-mc310_firmware6.0

🔴Vulnerability Details

GHSA

GHSA-j9p2-56j2-2m84: An arbitrary file upload vulnerability /images/background/1↗2022-06-22

▶

CVEList

CVE-2022-31374: An arbitrary file upload vulnerability /images/background/1↗2022-06-21

▶

VulnCheck

contec sv-cpt-mc310_firmware Unrestricted Upload of File with Dangerous Type↗2022

▶