CVE-2012-0262 – OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'welcome' Remote Command Execution

https://notcve.org/view.php?id=CVE-2012-0262

op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter. op5config/welcome en el sistema-op5config anterior a 2.0.3 en el Monitor y Appliance de op5 antes de 5.5.3 permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell en el parámetro de contraseña. OP5 suffers from poor session management, credential leakage and multiple remote root command execution vulnerabilities. • https://www.exploit-db.com/exploits/41687 http://seclists.org/fulldisclosure/2012/Jan/62 http://secunia.com/advisories/47417 http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance http://www.osvdb.org/78065 https://bugs.op5.com/view.php?id=5094 http://web.archive.org/web/20120114164329/http://secunia.com:80/advisories/47417 • CWE-94: Improper Control of Generation of Code ('Code Injection') •