cbcvebase.
CVE-2008-4873
published 2008-11-01

CVE-2008-4873: board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action.

PriorityP268critical10CVSS 2.0
AVNACLAuNCCICAC
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
4.89%
91.0th percentile
board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action.

Affected

1 ranges
VendorProductVersion rangeFixed in
sepalspboard

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://sansuyu.net/cgi-bin/spboard/board.cgi?id=ors1&number=908.cgi&file=|ls -lia|&action=down_file
urlhttp://sansuyu.net/cgi-bin/spboard/board.cgi?id=ors1&number=908.cgi&file=|cat board.cgi|&action=down_file
path/cgi-bin/spboard/board.cgi
commandaction=down_file&file=|<command>|
  • Detect exploitation attempts by monitoring HTTP requests to board.cgi containing pipe characters ('|') in the 'file' parameter combined with the 'action=down_file' query parameter, indicating shell metacharacter injection.
  • Use the Google dork 'SPBOARD v4.5' to identify publicly exposed vulnerable instances of Sepal SPBOARD 4.5.
  • Flag HTTP requests to board.cgi where the 'file' parameter contains shell command injection patterns such as '|ls -lia|' or '|cat board.cgi|' alongside 'action=down_file'.
  • ·The exploit PoC instructs opening the crafted URL specifically with Mozilla Firefox, which may affect how the shell metacharacters are encoded/transmitted in the request.

CVSS provenance

nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.