CVE-2012-0261
OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'license.php' Remote Command Execution
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.
El codigo license.php en system-portal anterior a 1.6.2 del Monitor y Appliance op5 anterior a 5.5.3 permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell en el parámetro de marca de tiempo para una acción de instalación.
OP5 suffers from poor session management, credential leakage and multiple remote root command execution vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-12-21 CVE Reserved
- 2012-01-09 CVE Published
- 2015-01-25 First Exploit
- 2024-08-06 CVE Updated
- 2024-11-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2012/Jan/62 | Mailing List |
|
| http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf | X_refsource_misc | |
| http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance | X_refsource_confirm | |
| http://www.osvdb.org/78064 | Vdb Entry | |
| https://bugs.op5.com/view.php?id=5094 | X_refsource_confirm | |
| http://web.archive.org/web/20140724161718/http://secunia.com/advisories/47417 |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/41686 | 2015-01-25 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/47417 | 2014-01-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Op5 Search vendor "Op5" | Monitor Search vendor "Op5" for product "Monitor" | <= 5.5.1 Search vendor "Op5" for product "Monitor" and version " <= 5.5.1" | - |
Affected
| ||||||
| Op5 Search vendor "Op5" | Monitor Search vendor "Op5" for product "Monitor" | 5.3.5 Search vendor "Op5" for product "Monitor" and version "5.3.5" | - |
Affected
| ||||||
| Op5 Search vendor "Op5" | Monitor Search vendor "Op5" for product "Monitor" | 5.4.0 Search vendor "Op5" for product "Monitor" and version "5.4.0" | - |
Affected
| ||||||
| Op5 Search vendor "Op5" | Monitor Search vendor "Op5" for product "Monitor" | 5.4.2 Search vendor "Op5" for product "Monitor" and version "5.4.2" | - |
Affected
| ||||||
| Op5 Search vendor "Op5" | Monitor Search vendor "Op5" for product "Monitor" | 5.5.0 Search vendor "Op5" for product "Monitor" and version "5.5.0" | - |
Affected
| ||||||
| Op5 Search vendor "Op5" | System-portal Search vendor "Op5" for product "System-portal" | <= 1.6.1 Search vendor "Op5" for product "System-portal" and version " <= 1.6.1" | - |
Affected
| ||||||