CVE-2008-5448

Oracle Secure Backup <10.2.0.2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5448. PoCs published by MC, including Metasploit module auxiliary/admin/oracle/osb_execqr.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in Oracle Secure Backup by sending a crafted HTTP request to the login.php endpoint with a malicious command embedded in the rbtool parameter. The exploit leverages URI encoding to bypass input validation and execute arbitrary commands on the target system.

Description

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5449.

Exploits (1)

metasploit WORKING POC

by MC · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/oracle/osb_execqr.rb

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in Oracle Secure Backup by sending a crafted HTTP request to the login.php endpoint with a malicious command embedded in the rbtool parameter. The exploit leverages URI encoding to bypass input validation and execute arbitrary commands on the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Oracle Secure Backup 10.1.0.3 to 10.2.0.2

No auth needed

Prerequisites: Network access to the target system · Oracle Secure Backup service exposed on port 443

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Permissions Required third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33525

Not Applicable vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/0115

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/33177

Scores

EPSS 0.8177

EPSS Percentile 99.2%

Details

Status published

Products (1)

oracle/secure_backup 10.2.0.2

Published Jan 14, 2009

Tracked Since Feb 18, 2026