CVE-2008-1331

OmniPCX Office OXO210 < 210/091.001 and OXO600 < 610/014.001 - Remote Command Execution via FastJSData.cgi id2 Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1331. PoCs published by DSecRG.

AI-analyzed exploit summary The advisory describes a remote command execution vulnerability in Alcatel OmniPCX Office's web interface via the FastJSData.cgi script, where the id2 parameter is not properly sanitized, allowing arbitrary command execution.

Description

cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by DSecRG · textwebappscgi

https://www.exploit-db.com/exploits/5662

View Code ZIP pw:eip

The advisory describes a remote command execution vulnerability in Alcatel OmniPCX Office's web interface via the FastJSData.cgi script, where the id2 parameter is not properly sanitized, allowing arbitrary command execution.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Alcatel OmniPCX Office (since release 210/061.1)

No auth needed

Prerequisites: Network access to the vulnerable web interface

MITRE ATT&CK