CVE-2012-0261

critical

Description

license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.

References

https://bugs.op5.com/view.php?id=5094

http://www.osvdb.org/78064

http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/

http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf

http://secunia.com/advisories/47417

http://seclists.org/fulldisclosure/2012/Jan/62

Details

Source: Mitre, NVD

Published: 2013-12-31

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H