CVE-2018-2636

HIGH

Oracle Hospitality Simphony <2.9 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2018-2636. PoCs published by Dmitry Chastuhin, erpscanteam, Cymmetria.

AI-analyzed exploit summary This exploit targets a directory traversal vulnerability in Oracle Hospitality Simphony (MICROS) versions 2.7, 2.8, and 2.9. It crafts malicious SOAP requests to read arbitrary files, including server information, database credentials, and log files.

Description

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). Supported versions that are affected are 2.7, 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Exploits (3)

exploitdb WORKING POC VERIFIED
by Dmitry Chastuhin · pythonwebappsmultiple
https://www.exploit-db.com/exploits/43960

This exploit targets a directory traversal vulnerability in Oracle Hospitality Simphony (MICROS) versions 2.7, 2.8, and 2.9. It crafts malicious SOAP requests to read arbitrary files, including server information, database credentials, and log files.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Oracle Hospitality Simphony (MICROS) 2.7, 2.8, 2.9
No auth needed
Prerequisites: Network access to the vulnerable service
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 22 stars
by erpscanteam · poc
https://github.com/erpscanteam/CVE-2018-2636

This repository contains a Python-based proof-of-concept exploit for CVE-2018-2636, targeting Oracle Micros POS systems. The exploit leverages SOAP-based requests to extract server information, database credentials, and log files via an information disclosure vulnerability.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Oracle Micros POS (EGateway)
No auth needed
Prerequisites: Network access to the vulnerable Oracle Micros POS system · SOAP endpoint exposed and accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 17 stars
by Cymmetria · poc
https://github.com/Cymmetria/micros_honeypot

This is a honeypot designed to detect exploitation attempts of CVE-2018-2636, a directory traversal vulnerability in Oracle Hospitality Simphony. It simulates the vulnerable MICROS server and logs file access attempts.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Oracle Hospitality Simphony (MICROS)
No auth needed
Prerequisites: Network access to the vulnerable server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Various Sources x_refsource_misc
https://github.com/erpscanteam/CVE-2018-2636
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43960/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102560

Scores

CVSS v3 8.1
EPSS 0.1398
EPSS Percentile 96.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (3)
oracle/hospitality_simphony 2.7
oracle/hospitality_simphony 2.8
oracle/hospitality_simphony 2.9
Published Jan 18, 2018
Tracked Since Feb 18, 2026