CVE-2008-6816
Eaton Network Shutdown Module < 3.10 Build 13 - Remote Code Execution via Custom Action
Title source: llmDescription
Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php.
References (7)
Core 7
Core References
Various Sources x_refsource_misc
http://www.nruns.com/security_advisory_eaton_mge_ops_network_shutdown_module_authentication_bypass.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46131
Various Sources x_refsource_confirm
http://download.mgeops.com/install/win32/nsm/release_note_nsm_320.txt
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/497824/100/100/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31933
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32456
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/50051
Scores
EPSS
0.0446
EPSS Percentile
90.2%
Details
CWE
CWE-287
Status
published
Products (5)
eaton/network_shutdown_module
2.6
eaton/network_shutdown_module
3.0
eaton/network_shutdown_module
3.02
eaton/network_shutdown_module
3.04
eaton/network_shutdown_module
< 3.1_beta
Published
May 28, 2009
Tracked Since
Feb 18, 2026