CVE-2023-29919

CRITICAL EXPLOITED NUCLEI

SolarView Compact <= 6.0 - Unauthenticated Arbitrary File Read and Write via texteditor.php

Title source: llm

Exploitation Summary

CVE-2023-29919 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including xiaosed. A Nuclei detection template is also available.

AI-analyzed exploit summary: The repository describes an arbitrary file read vulnerability in SolarView Compact 6.00 and below, where attackers can bypass authentication to read files via the texteditor.php endpoint. The PoC is a simple URL example without exploit code.

Description

SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted.

Exploits (1)

nomisec WRITEUP
by xiaosed · infoleak
https://github.com/xiaosed/CVE-2023-29919


Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: SolarView Compact <= 6.00
No auth needed
Prerequisites: Network access to the target · texteditor.php endpoint exposed
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

SolarView Compact <= 6.00 - Local File Inclusion
CRITICAL · VERIFIED · by For3stCo1d
Shodan: http.html:"SolarView Compact" || cpe:"cpe:2.3:h:contec:solarview_compact"

References (2)

Core References
Not Applicable
https://www.solarview.io/

Scores

CVSS v3 9.1
EPSS 0.6022
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2023-11-25
CWE CWE-276
Status published
Products (1)
contec/solarview_compact_firmware < 6.0
Published May 23, 2023
Tracked Since Feb 18, 2026