cbcvebase.
CVE-2008-0244
published 2008-01-12

CVE-2008-0244: SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other…

PriorityP274critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
80.31%
99.6th percentile
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.

Affected

1 ranges
VendorProductVersion rangeFixed in
sapmaxdb<= 7.6.3_build_007

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://aluigi.org/poc/sapone.zip
urlhttps://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/4877.zip
commandexec_sdbinfo && echo dir c:\ | cmd.exe
processcons.exe
filenamecons.exe
  • Detect unauthenticated network requests containing shell metacharacters ('&&', '|', etc.) in SAP MaxDB protocol commands, particularly in 'exec_sdbinfo' and 'show' commands, which can be sent pre-authentication.
  • Monitor for SAP MaxDB spawning child processes (e.g., cmd.exe, sh) as children of cons.exe, which would indicate successful shell metacharacter injection via the system() call.
  • Alert on network traffic to SAP MaxDB containing the string '&&' or pipe characters ('|') within the exec_sdbinfo or other MaxDB command fields, as these are the injection vectors.
  • Flag pre-authentication exploitation attempts: any MaxDB command containing shell metacharacters sent before a login sequence completes should be treated as a potential exploit attempt.
  • ·The vulnerability affects SAP MaxDB on all supported platforms (Windows, Linux, and Solaris), so detection and patching efforts must cover all OS deployments, not just Windows.
  • ·At time of disclosure, no fix was available from the vendor — defenders should prioritize network-level controls to restrict access to the MaxDB service port.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.