CVE-2008-4318
published 2008-09-29

Priority: P263, critical, 10 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 14.04% (96.1th percentile)
Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php.

Affected

13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| project-observer | observer | <= 0.3.2.1 | |
| project-observer | observer | | |
| project-observer | observer | | |
| project-observer | observer | | |
| project-observer | observer | | |
| project-observer | observer | | |
| project-observer | observer | | |
| project-observer | observer | | |
| project-observer | observer | | |
| project-observer | observer | | |
| project-observer | observer | | |
| project-observer | observer | | |
| project-observer | observer | | |

Detection & IOCs (extracted from sources)

path: /html/whois.php
path: /html/netcmd.php
command: `/usr/bin/whois $_GET[query] | grep -v \%`
command: `/bin/ping $_GET[query]`
command: `/usr/sbin/traceroute $_GET[query]`
command: `/usr/bin/nmap $_GET[query]`
  • Monitor HTTP GET requests to whois.php or netcmd.php containing shell metacharacters (e.g., ;, |, &, $, `, >, <) in the 'query' parameter, which are passed unsanitized to OS-level commands.
  • The vulnerability affects Observer version 0.3.2.1 and earlier; the affected files are whois.php and netcmd.php located under the html/ directory of the installation.
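
The monitoring guidance above, as an added detection example (not code from Observer or from this page's sources): it scans web server access logs for GET requests to whois.php or netcmd.php whose decoded 'query' value contains shell metacharacters. The combined-style log format, the sample lines and the CR/LF additions to the character set are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script names from the advisory; matched by basename so any install prefix works.
TARGETS = {"whois.php", "netcmd.php"}
# Metacharacters listed on the page, plus CR/LF (added here: a newline also
# separates shell commands).
SHELL_META = set(";|&$`><\r\n")
# Assumed "combined"-style prefix: client ident user [time] "METHOD target PROTO"
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*"')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [29/Sep/2008:10:00:01 +0000] "GET /html/whois.php?query=example.com HTTP/1.1" 200 512
198.51.100.7 - - [29/Sep/2008:10:00:05 +0000] "GET /html/whois.php?query=example.com%3Bid HTTP/1.1" 200 640
198.51.100.7 - - [29/Sep/2008:10:00:09 +0000] "GET /observer/html/netcmd.php?query=127.0.0.1%7Cid HTTP/1.1" 200 233
203.0.113.4 - - [29/Sep/2008:10:00:12 +0000] "GET /html/index.php?query=a%3Bb HTTP/1.1" 200 100
203.0.113.4 - - [29/Sep/2008:10:00:15 +0000] "GET /html/whois.php?query=example.com%0Aid HTTP/1.1" 200 100
"""

def suspicious_query(line):
    """Return (client, script, decoded query value) for a flagged line, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, method, target = m.groups()
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed request target
        return None
    script = parts.path.rsplit("/", 1)[-1].lower()
    if method != "GET" or script not in TARGETS:
        return None
    # parse_qs percent-decodes once and maps '+' to space, as PHP does for $_GET,
    # so encoded metacharacters (%3B, %7C, %0A ...) are checked in decoded form.
    for value in parse_qs(parts.query, keep_blank_values=True).get("query", []):
        if SHELL_META & set(value):
            return client, script, value
    return None

def scan(lines):
    """Return all flagged requests in log order."""
    return [hit for hit in map(suspicious_query, lines) if hit]

if __name__ == "__main__":
    for client, script, value in scan(SAMPLE_LOG.splitlines()):
        print(f"ALERT {client} {script} query={value!r}")
```

A hostname or IP address never needs any of these characters, so a hit on these two scripts warrants review of the request and of the web server's process activity at that timestamp.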