CVE-2012-0261 – OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'license.php' Remote Command Execution
https://notcve.org/view.php?id=CVE-2012-0261
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.

OP5 suffers from poor session management, credential leakage and multiple remote root command execution vulnerabilities.

• https://www.exploit-db.com/exploits/41686
• http://seclists.org/fulldisclosure/2012/Jan/62
• http://secunia.com/advisories/47417
• http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf
• http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance
• http://www.osvdb.org/78064
• https://bugs.op5.com/view.php?id=5094
• http://web.archive.org/web/20140724161718/http://secunia.com/advisories/47417

• CWE-94: Improper Control of Generation of Code ('Code Injection')