CVE-2012-0262

op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.

Published: Dec 31, 2013
Updated: Apr 13, 2023
CVE: CVE-2012-0262
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
op5 / monitor	5.4.0	5.4.0.x
op5 / monitor	5.3.5	5.3.5.x
op5 / monitor	-	5.5.1.x
op5 / monitor	5.5.0	5.5.0.x
op5 / system-op5config	-	2.0.2.x
op5 / monitor	5.4.2	5.4.2.x

http://seclists.org/fulldisclosure/2012/Jan/62
http://secunia.com/advisories/47417
http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf
http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/
http://www.osvdb.org/78065
https://bugs.op5.com/view.php?id=5094

Vulnerability Database

289,784

CVE-2012-0262