CVE-2012-0261

op5 Monitor/Appliance <1.6.2/<5.5.3 - Command Injection

Title source: llm

Description

license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsmultiple

https://www.exploit-db.com/exploits/41686

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/op5_license.rb

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://secunia.com/advisories/47417

[Various Sources] http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf

[Various Sources] http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/

[Third Party Advisory, VDB Entry] http://www.osvdb.org/78064

[Various Sources] https://bugs.op5.com/view.php?id=5094

[Mailing List] http://seclists.org/fulldisclosure/2012/Jan/62

Scores

EPSS 0.8719

EPSS Percentile 99.5%

Details

CWE

CWE-94

Status published

Products (6)

op5/monitor 5.3.5

op5/monitor 5.4.0

op5/monitor 5.4.2

op5/monitor 5.5.0

op5/monitor < 5.5.1

op5/system-portal < 1.6.1

Published Dec 31, 2013

Tracked Since Feb 18, 2026