CVE-2007-5926

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

O

penBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures.

References

Link	Resource
http://secunia.com/advisories/27525	Vendor Advisory
http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt	Exploit
http://www.securityfocus.com/bid/26347	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/38291
http://secunia.com/advisories/27525	Vendor Advisory
http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt	Exploit
http://www.securityfocus.com/bid/26347	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/38291

Configurations

Configuration 1 (hide)

cpe:2.3:a:openbase_international_ltd:openbase:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:38

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/27525 - Vendor Advisory~~	() http://secunia.com/advisories/27525 - Vendor Advisory
References	~~() http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt - Exploit~~	() http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt - Exploit
References	~~() http://www.securityfocus.com/bid/26347 - Exploit~~	() http://www.securityfocus.com/bid/26347 - Exploit
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/38291 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/38291 -

Information

Published : 2007-11-10 02:46

Updated : 2025-04-09 00:30

NVD link : CVE-2007-5926

Mitre link : CVE-2007-5926

CVE.ORG link : CVE-2007-5926

JSON object : View

Products Affected

openbase_international_ltd

openbase

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2007-5926", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-11-10T02:46:00.000", "references": [{"url": "http://secunia.com/advisories/27525", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/26347", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38291", "source": "[email protected]"}, {"url": "http://secunia.com/advisories/27525", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/26347", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38291", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures."}, {"lang": "es", "value": "El OpenBase 10.0.5 y versiones anteriores permite a usuarios remotos autenticados ejecutar comandos de su elecci\u00f3n a trav\u00e9s de metacaracteres shell en los argumentos que se les pasan a el(1) AsciiBackup, (2) a el OEMLicenseInstall y, posiblemente, a otros procedimientos almacenados."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openbase_international_ltd:openbase:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F241AFA9-1A2A-40C7-A906-A121517A6499", "versionEndIncluding": "10.0.5"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}