Vulnerability Details : CVE-2008-1331
cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter.
Vulnerability category: Input validation
Products affected by CVE-2008-1331
- cpe:2.3:a:alcatel-lucent:omnipcx_office:*:*:*:*:*:*:*:*
- cpe:2.3:a:alcatel-lucent:omnipcx_office:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1331
92.88%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-1331
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-1331
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1331
-
http://www.securityfocus.com/bid/28758
Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/archive/1/492383/100/0/threaded
Third Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/5662
Third Party Advisory;VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/41560
Third Party Advisory;VDB Entry
-
http://www.securitytracker.com/id?1020082
Third Party Advisory;VDB Entry
-
http://www1.alcatel-lucent.com/psirt/statements/2008001/OXOrexec.htm
Vendor Advisory
-
http://www.vupen.com/english/advisories/2008/1057
Permissions Required
Jump to