CVE-2008-1467

CenterIM <4.22.3 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1467. PoCs published by Brian Fonfara.

AI-analyzed exploit summary This exploit leverages improper input validation in CenterIM's URL handling to inject shell commands via special characters. The PoC demonstrates command injection through crafted URLs containing characters like ';', '$', and '&&'.

Description

CenterIM 4.22.3 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to "received URLs in the message window." NOTE: this issue has been disputed due to the user-assisted nature, since the URL must be selected and launched by the victim

Exploits (1)

exploitdb WORKING POC VERIFIED

by Brian Fonfara · textremotelinux

https://www.exploit-db.com/exploits/5283

View Code ZIP pw:eip

This exploit leverages improper input validation in CenterIM's URL handling to inject shell commands via special characters. The PoC demonstrates command injection through crafted URLs containing characters like ';', '$', and '&&'.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: CenterIM <= 4.22.3

No auth needed

Prerequisites: Victim must click on a malicious URL in CenterIM

MITRE ATT&CK