Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-5926 — Improper Input Validation in International LTD Openbase

CWE-20 — Improper Input Validation4 documents4 sources

Severity

9.0CRITICALNVD

EPSS

4.3%

top 11.13%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Openbase International LTD Openbase

Timeline

PublishedNov 10

Latest updateMay 1

Description

OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

▶NVDopenbase_international_ltd/openbase10.0.5

🔴Vulnerability Details

GHSA

GHSA-qv7p-rw6j-rmc4: OpenBase 10↗2022-05-01

▶

CVEList

CVE-2007-5926: OpenBase 10↗2007-11-10

▶

💥Exploits & PoCs

Exploit-DB

OpenBase 10.0.x - Remote Buffer Overflow / Remote Command Execution↗2007-11-05

▶