Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-5851 — Link Following in International LTD Openbase

CWE-59 — Link Following4 documents4 sources

Severity

2.1LOWNVD

CNA7.2

EPSS

0.3%

top 48.09%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Openbase International LTD Openbase

Timeline

PublishedNov 10

Latest updateMay 1

Description

openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDopenbase_international_ltd/openbase4 versions+3

🔴Vulnerability Details

GHSA

GHSA-gph2-ph9g-mqfq: openexec in OpenBase SQL before 10↗2022-05-01

▶

CVEList

CVE-2006-5851: openexec in OpenBase SQL before 10↗2006-11-10

▶

💥Exploits & PoCs

Exploit-DB

Xcode OpenBase 10.0.0 (OSX) - Symlink Privilege Escalation↗2006-11-08

▶