CyberSec.Space Logo
Back to CVE Browser

CVE-2008-4318

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0440%
EPSS Percentile35.13th
PublishedSep 29, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php.

Affected Platforms (CPE)

πŸ“¦
Project Observer

Observer

<= 0.3.2.1
πŸ“¦
Project Observer

Observer

= 0.1.0
πŸ“¦
Project Observer

Observer

= 0.1.1
πŸ“¦
Project Observer

Observer

= 0.1.2
πŸ“¦
Project Observer

Observer

= 0.2.0
πŸ“¦
Project Observer

Observer

= 0.2.1
πŸ“¦
Project Observer

Observer

= 0.2.2
πŸ“¦
Project Observer

Observer

= 0.2.3
πŸ“¦
Project Observer

Observer

= 0.2.4
πŸ“¦
Project Observer

Observer

= 0.2.5
πŸ“¦
Project Observer

Observer

= 0.3.1
πŸ“¦
Project Observer

Observer

= 0.3.2
πŸ“¦
Project Observer

Observer

= 0.30-pre-1

References & Advisories

πŸ”— http://securityreason.com/securityalert/4322
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/45398
πŸ”— https://www.exploit-db.com/exploits/6559
πŸ”— http://securityreason.com/securityalert/4322
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/45398
πŸ”— https://www.exploit-db.com/exploits/6559

Related Vulnerabilities

CVE-2018-1874810.0

Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), with...

CVE-2017-82299.8

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. I...

CVE-2017-88359.8

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_7...

CVE-2017-77849.8

A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been fr...