EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion

Releases0

Stars4

CVE-2018-12031 | LFI in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file, it can lead to sensitive information disclosure, denial of service and code execution.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-12031 ↗	Jun 7, 2018Thursday, 7 June 2018, 16:29	—	7.5 HIGH
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.