CVE-2008-4873
Published 2008-11-01
CVE-2008-4873: board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action.
Priority: P268, critical, 10 (CVSS 2.0)
AV:N/AC:L/Au:N/C:C/I:C/A:C
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 4.89% (91.0th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sepal | spboard | — | — |
Detection & IOCs (extracted from sources)
- URL: http://sansuyu.net/cgi-bin/spboard/board.cgi?id=ors1&number=908.cgi&file=|ls -lia|&action=down_file
- URL: http://sansuyu.net/cgi-bin/spboard/board.cgi?id=ors1&number=908.cgi&file=|cat board.cgi|&action=down_file
- Detect exploitation attempts by monitoring HTTP requests to board.cgi containing pipe characters ('|') in the 'file' parameter combined with the 'action=down_file' query parameter, indicating shell metacharacter injection.
- Use the Google dork 'SPBOARD v4.5' to identify publicly exposed vulnerable instances of Sepal SPBOARD 4.5.
- Flag HTTP requests to board.cgi where the 'file' parameter contains shell command injection patterns such as '|ls -lia|' or '|cat board.cgi|' alongside 'action=down_file'.
- The exploit PoC instructs opening the crafted URL specifically with Mozilla Firefox, which may affect how the shell metacharacters are encoded/transmitted in the request.
CVSS provenance
- nvd: v2.0, 10.0 CRITICAL, AV:N/AC:L/Au:N/C:C/I:C/A:C
- vulncheck: 10.0 CRITICAL
GHSA
GHSA-gj4q-g225-c65p: board
ghsa_unreviewed·2022-05-17
CVE-2008-4873 [HIGH] GHSA-gj4q-g225-c65p: board
VulnCheck
sepal spboard Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
vulncheck·2008·CVSS 10.0
CVE-2008-4873 [CRITICAL] sepal spboard Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Affected: sepal spboard
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://securityintelligence.com/posts/botnet-attack-mozi-mozied-into-town/; https://sequretek.com/wp-content/uploads/2018/10/Sequretek-Advisory-Mozi-Botnet.pdf
No detection rules found.
No writeups or analysis indexed.
- http://secunia.com/advisories/32459
- http://securityreason.com/securityalert/4534
- http://www.securityfocus.com/bid/31972
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46192
- https://www.exploit-db.com/exploits/6864