Description
OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Kevin Finisterre · textremotemultiple
https://www.exploit-db.com/exploits/30742
References (4)
Core 4
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26347
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38291
Exploit x_refsource_misc
http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27525
Scores
EPSS
0.0428
EPSS Percentile
88.9%
Details
CWE
CWE-20
Status
published
Products (1)
openbase_international_ltd/openbase
< 10.0.5
Published
Nov 10, 2007
Tracked Since
Feb 18, 2026