Legrand SMS PowerView Redirect-Based File Inclusion Vulnerability

Vulnerability

A critical file inclusion vulnerability has been identified in Legrand SMS PowerView versions 1.x. The issue lies in an unknown function: remote attackers can manipulate the 'redirect' argument to cause unauthorized file inclusion. The vulnerability has been publicly disclosed and is accompanied by a proof-of-concept exploit.

Impact

Exploitation of this vulnerability allows for file inclusion, which could be leveraged to execute arbitrary code or access sensitive information, depending on the included file.
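
For triage, web access logs can be checked for requests whose 'redirect' argument carries values that an in-application redirect target should never contain. The script below is an added example, not code from the advisory or from Legrand. The indicator patterns, the log format (combined access log) and the path /app/index are assumptions, since the advisory does not describe the affected request.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Generic file-inclusion indicators for a redirect-target parameter. They are
# assumptions: the advisory does not describe the request or the payload.
SUSPICIOUS = [
    ("traversal", re.compile(r"\.\.[/\\]")),
    ("scheme_or_drive", re.compile(r"^[a-z][a-z0-9+.-]*:", re.I)),
    ("null_byte", re.compile(r"\x00")),
]
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so values are matched in decoded form."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_redirect(value):
    """Return the names of all indicators present in one parameter value."""
    value = fully_decode(value)
    return [name for name, rx in SUSPICIOUS if rx.search(value)]

def scan(lines, param="redirect"):
    """Return (line number, client address, indicators) per flagged request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        query = urlsplit(match.group(1)).query
        for key, value in parse_qsl(query, keep_blank_values=True):
            reasons = classify_redirect(value) if key.lower() == param else []
            if reasons:
                findings.append((number, line.split()[0], reasons))
    return findings

# Constructed sample lines; /app/index is a placeholder, not the product's path.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jun/2025:10:00:01 +0000] "GET /app/index?redirect=dashboard HTTP/1.1" 200 512',
    '198.51.100.7 - - [09/Jun/2025:10:00:05 +0000] "GET /app/index?redirect=..%2F..%2Fsome%2Ffile HTTP/1.1" 200 1337',
    '198.51.100.7 - - [09/Jun/2025:10:00:06 +0000] "GET /app/index?redirect=%252e%252e%252fsome%252ffile HTTP/1.1" 200 90',
    '203.0.113.5 - - [09/Jun/2025:10:00:09 +0000] "GET /app/index?redirect=http%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 20',
    '192.0.2.10 - - [09/Jun/2025:10:00:12 +0000] "GET /app/index?page=2 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs normally record only the query string, so a 'redirect' argument sent in a request body is not visible to this check.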

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.9
exploitability: 6.3
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.