Vulnerability Details : CVE-2012-0261
Public exploit exists!
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.
Exploit prediction scoring system (EPSS) score for CVE-2012-0261
Probability of exploitation activity in the next 30 days: 86.79%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 %
Metasploit modules for CVE-2012-0261
- OP5 license.php Remote Command Execution
  Disclosure Date: 2012-01-05
  First seen: 2020-04-26
  exploit/multi/http/op5_license
  This module exploits an arbitrary root command execution vulnerability in the OP5 Monitor license.php. Ekelow has confirmed that OP5 Monitor versions 5.3.5, 5.4.0, 5.4.2, 5.5.0, 5.5.1 are vulnerable.
  Authors: Peter Osterberg <j@vel.nu>
CVSS scores for CVE-2012-0261
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
CWE ids for CVE-2012-0261
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0261
- http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf
- http://seclists.org/fulldisclosure/2012/Jan/62
  Full Disclosure: OP5 Monitor - Multiple Vulnerabilities
- http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/
  OP5: Offering Enterprise IT Monitoring and Log Analysis
- https://bugs.op5.com/view.php?id=5094
Products affected by CVE-2012-0261
- cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*
- cpe:2.3:a:op5:monitor:5.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:op5:monitor:5.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:op5:monitor:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:op5:monitor:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:op5:system-portal:*:*:*:*:*:*:*:*