## SolarView Compact downloader.php RCE (CVE-2023-23333)

|   **Vulnerability**  | **SolarView Compact downloader.php RCE (CVE-2023-23333)**  |
| :----:   | :-----|
|  **Chinese name**  | SolarView Compact downloader.php 任意命令执行漏洞（CVE-2023-23333）|
| **CVSS core**  | 10.0 |
| **FOFA Query**  (click to view the results directly)| [body="SolarView Compact"](https://fofa.info/result?qbase64=dGl0bGU9PSJwbGF5U01TIg%3D%3D) |
| **Number of assets affected**  | 5585 |
| **Description**  | There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php. |
| **Impact** | Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |


![](https://s3.bmp.ovh/imgs/2023/04/03/a32aa1b44858819c.gif)