CVE-2018-12031

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1570%

EPSS Percentile19.27th

PublishedJun 7, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.

Affected Platforms (CPE)

📦

Eaton

Intelligent Power Manager

= 1.6

References & Advisories

🔗 https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion

Related Vulnerabilities

CVE-2021-2328110.0

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM soft...

CVE-2013-403110.0

The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Managemen...

CVE-2020-66518.8

Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import ...

CVE-2021-232788.7

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due...