Hans-Martin Münch has discovered multiple vulnerabilities in Eaton Network Shutdown Module, which can be exploited by malicious, local users to disclose sensitive information and by malicious people to disclose sensitive information and compromise a vulnerable system.
1) Input passed via the "paneStatusListSortBy" parameter to view_list.php is not properly sanitised before being used in an "eval()" call and can be exploited to execute arbitrary PHP code.
Successful exploitation of this vulnerability requires that at least one power device is defined in the system.
2) The application creates session files inside a web-accessible directory without access restrictions, which can be exploited to disclose another user's session information.
NOTE: This vulnerability affects applications running on Windows only.
3) The application sets insecure file system permissions on the accounts database file, which can be exploited to disclose the password of an administrative user.
The vulnerabilities are confirmed in version 3.21 build 01. Other versions may also be affected.
Solution: Restrict access to trusted users and trusted hosts only.
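For item 1, the usual code-level remedy when a request parameter such as "paneStatusListSortBy" reaches "eval()" is to map it onto a fixed allow-list of sort keys and sort with a closure. The following is an added example, not Eaton's code or a vendor patch; the column names, function names and sample rows are hypothetical, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical column map: accepted request value => array key used for sorting.
const SORT_COLUMNS = [
    'name'   => 'name',
    'status' => 'status',
    'load'   => 'load',
];

/**
 * Resolve a request-supplied sort key against the allow-list.
 * Anything not listed falls back to the default. The raw value is never
 * interpolated into code, so there is nothing for eval() to interpret.
 */
function resolveSortKey(mixed $requested, string $default = 'name'): string
{
    if (!is_string($requested) || !array_key_exists($requested, SORT_COLUMNS)) {
        return $default;
    }
    return SORT_COLUMNS[$requested];
}

/** Sort device rows by an allow-listed key using a closure instead of eval(). */
function sortDevices(array $rows, mixed $requested): array
{
    $key = resolveSortKey($requested);
    usort($rows, static fn(array $a, array $b): int => $a[$key] <=> $b[$key]);
    return $rows;
}

// Constructed sample data (not taken from the product).
$devices = [
    ['name' => 'ups-b', 'status' => 'on battery', 'load' => 71],
    ['name' => 'ups-a', 'status' => 'online',     'load' => 38],
];

// Constructed request values: one valid, one unknown, one with code-like punctuation.
foreach (['load', 'no_such_column', 'name); //'] as $value) {
    $sorted = sortDevices($devices, $value);
    printf("%-18s -> sorted by %-6s first=%s\n",
        var_export($value, true), resolveSortKey($value), $sorted[0]['name']);
}
```

Both rejected values fall back to the default key, so the request string only ever selects among predefined columns.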
Provided and/or discovered by: Hans-Martin Münch via Secunia.