Help
FortiDAST
FortiDAST performs automated black-box dynamic application security testing of web applications to identify vulnerabilities that bad actors may exploit.
rdiwakar
Staff
Staff

Created on ‎04-16-2024 02:17 AM

Article Id 309964

Outbreak Alert: SolarView Compact Command Injection Vulnerability

Description

In CVE-2022-29303, a command injection vulnerability in SolarView Compact version 6.00, discovered via conf_mail.php.

This article describes the assessment of command injection vulnerability in SolarView Compact.
Scope FortiDAST Scripting Engine updated in version 24.1
Solution

Detection against that vulnerability is empowered by the FortiDAST Scripting Engine (FSE).

This technology enables FortiDAST to assess remotely with a high level of confidence if an asset is vulnerable to a specific vulnerability by testing the disarmed exploit against the asset itself.

To configure the scan, it will be necessary to enable the FSE group signature 'solarview' which will select the underlying script: ‘CVE-2022-29303 SolarView Compact command injection vulnerability.’

For reference, a step-by-step guide on how to configure FortiDAST to trigger FSE can be found on Fortinet’s blog:
https://www.fortinet.com/blog/business-and-technology/fortipentest-exploit-engine-a-new-security-ars...
64
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.