CVE-2017-1092

CRITICAL

IBM Informix Open Admin Tool <12.1 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2017-1092. PoCs published by Metasploit, SecuriTeam, SecuriTeam, bcoles, including Metasploit module exploits/multi/http/ibm_openadmin_tool_soap_welcomeserver_exec.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated PHP code execution vulnerability in IBM OpenAdmin Tool by injecting arbitrary PHP code into the 'config.php' file via the 'new_home_page' parameter in the 'saveHomePage' SOAP method.

Description

IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotephp
https://www.exploit-db.com/exploits/42541

This Metasploit module exploits an unauthenticated PHP code execution vulnerability in IBM OpenAdmin Tool by injecting arbitrary PHP code into the 'config.php' file via the 'new_home_page' parameter in the 'saveHomePage' SOAP method.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: IBM OpenAdmin Tool versions 3.14 and earlier (Informix 11.5, 11.7, 12.1)
No auth needed
Prerequisites: Network access to the target IBM OpenAdmin Tool instance · SOAP service exposed and accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by SecuriTeam · textwebappswindows
https://www.exploit-db.com/exploits/42091

This exploit demonstrates a static PHP code injection vulnerability in IBM Informix Dynamic Server's OpenAdmin Tool (OAT) via the `welcomeService.php` SOAP interface, allowing unauthenticated remote code execution by injecting malicious PHP code into `config.php`. The PoC sends a crafted SOAP request to inject a system command execution payload, then triggers it via a GET request.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: IBM Informix Dynamic Server (OAT) versions prior to the patch for CVE-2017-1092
No auth needed
Prerequisites: Network access to port 8080 on the target server · IBM Informix Dynamic Server with OAT installed and running
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by SecuriTeam, bcoles · rubypocphp
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/ibm_openadmin_tool_soap_welcomeserver_exec.rb

This Metasploit module exploits an unauthenticated PHP code execution vulnerability in IBM OpenAdmin Tool by injecting arbitrary PHP code into the 'config.php' file via the 'new_home_page' parameter in the SOAP 'saveHomePage' method.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: IBM OpenAdmin Tool (versions 3.14 and earlier) with IBM Informix 11.5, 11.7, and 12.1
No auth needed
Prerequisites: Network access to the IBM OpenAdmin Tool web interface · SOAP service exposed and accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg22002897
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42541/
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42091/

Scores

CVSS v3 9.8
EPSS 0.7577
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (4)
ibm/informix_open_admin_tool 11.5
ibm/informix_open_admin_tool 11.7
ibm/informix_open_admin_tool 12.1
IBM Corporation/Informix Servers 11.5, 11.7, 12.1
Published May 22, 2017
Tracked Since Feb 18, 2026