CVE-2013-6719

EXPLOITED

IBM Tealeaf CX 7.x, 8.x-8.6, 8.7-8.8 - Authenticated OS Command Injection via testconn_host Parameter

Title source: llm

Exploitation Summary

CVE-2013-6719 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including drone.

AI-analyzed exploit summary This exploit demonstrates a remote OS command injection vulnerability in IBM Tealeaf CX (v8 release 8) by injecting commands into the 'testconn_host' parameter of the delivery.php endpoint. It leverages a POST request with crafted data to execute arbitrary commands without authentication.

Description

delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host parameter.

Exploits (1)

exploitdb WORKING POC

by drone · pythonwebappsphp

https://www.exploit-db.com/exploits/32546

View Code ZIP pw:eip

This exploit demonstrates a remote OS command injection vulnerability in IBM Tealeaf CX (v8 release 8) by injecting commands into the 'testconn_host' parameter of the delivery.php endpoint. It leverages a POST request with crafted data to execute arbitrary commands without authentication.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: IBM Tealeaf CX Version 8 Release 8 (and likely prior versions)

No auth needed

Prerequisites: Network access to the target server · The delivery.php endpoint must be accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/89228

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/32546

Vendor Advisory x_refsource_confirm

https://tealeaf.support.ibmcloud.com/FileManagement/Download/19eb90ffb8334b398684b4350edc4b7a

Scores

EPSS 0.1058

EPSS Percentile 93.5%

Details

VulnCheck KEV 2022-01-12

CWE

CWE-78

Status published

Products (11)

ibm/tealeaf_cx 7.1

ibm/tealeaf_cx 7.2

ibm/tealeaf_cx 8.0

ibm/tealeaf_cx 8.1

ibm/tealeaf_cx 8.2

ibm/tealeaf_cx 8.3

ibm/tealeaf_cx 8.4

ibm/tealeaf_cx 8.5

ibm/tealeaf_cx 8.6

ibm/tealeaf_cx 8.7

... and 1 more

Published Mar 06, 2014

Tracked Since Feb 18, 2026