nepenthe0320

CVE-2024-40116 WRITEUP HIGH WRITEUP

Solar-Log 1000 < 2.8.2 - Plaintext Storage of Passwords in Export and Notification Files

An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files -- fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.

CVSS 8.1

View Code

CVE-2024-40117 WRITEUP CRITICAL WRITEUP

Solar-Log <v2.8.2 - Privilege Escalation

Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. Not existing for SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.

CVSS 9.8

View Code