CVE-2012-0261

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-0261. PoCs published by Metasploit, including Metasploit module exploits/multi/http/op5_license.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in OP5 Monitor's license.php, allowing arbitrary root command execution via a crafted POST request. The exploit uses backticks to inject commands into the 'timestamp' parameter.

Description

license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsmultiple

https://www.exploit-db.com/exploits/41686

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in OP5 Monitor's license.php, allowing arbitrary root command execution via a crafted POST request. The exploit uses backticks to inject commands into the 'timestamp' parameter.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: OP5 Monitor versions 5.3.5, 5.4.0, 5.4.2, 5.5.0, 5.5.1

No auth needed

Prerequisites: Network access to the target's HTTPS service (port 443) · Vulnerable version of OP5 Monitor

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/op5_license.rb