CVE-2012-0262

EXPLOITED

op5config/welcome <2.0.3 - Command Injection

Title source: llm

Description

op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsmultiple

https://www.exploit-db.com/exploits/41687

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/op5_welcome.rb

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://secunia.com/advisories/47417

[Exploit] http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf

[Various Sources] http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/

[Various Sources] https://bugs.op5.com/view.php?id=5094

[Mailing List] http://seclists.org/fulldisclosure/2012/Jan/62

[Third Party Advisory, VDB Entry] http://www.osvdb.org/78065

Scores

EPSS 0.9000

EPSS Percentile 99.6%

Details

VulnCheck KEV 2020-12-01

CWE

CWE-94

Status published

Products (6)

op5/monitor 5.3.5

op5/monitor 5.4.0

op5/monitor 5.4.2

op5/monitor 5.5.0

op5/monitor < 5.5.1

op5/system-op5config < 2.0.2

Published Dec 31, 2013

Tracked Since Feb 18, 2026