// For flags

CVE-2008-5448

Oracle Secure Backup exec_qr() Command Injection Vulnerability

Severity Score

9.8
*CVSS v3

Exploit Likelihood

84%
*EPSS

Affected Versions

1
*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5449.

Vulnerabilidad no especificada en el componente Oracle Secure Backup en Oracle Secure Backup 10.2.0.2 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2008-5444 y CVE-2008-5449.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the routine exec_qr() defined in the web script login.php. The user-supplied variable $rbtool is improperly sanitized and later passed through a call to popen(), this can result in remote pre-authentication command injection.

*Credits: Joxean Koret
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-12-11 CVE Reserved
  • 2009-01-14 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-31 First Exploit
  • 2025-03-18 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (4)
URL Date SRC
Affected Vendors, Products, and Versions (1)