Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-5852 — International LTD Openbase vulnerability

4 documents4 sources

Severity

4.6MEDIUMNVD

CNA7.2

EPSS

0.4%

top 41.59%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Openbase International LTD Openbase

Timeline

PublishedNov 10

Latest updateMay 1

Description

Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDopenbase_international_ltd/openbase4 versions+3

🔴Vulnerability Details

GHSA

GHSA-3w4m-x79g-ghg6: Untrusted search path vulnerability in openexec in OpenBase SQL before 10↗2022-05-01

▶

CVEList

CVE-2006-5852: Untrusted search path vulnerability in openexec in OpenBase SQL before 10↗2006-11-10

▶

💥Exploits & PoCs

Exploit-DB

Xcode OpenBase 10.0.0 (OSX) - Unsafe System Call Privilege Escalation↗2006-11-08

▶