CyberSec.Space Logo
Back to CVE Browser

CVE-2008-0244

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1230%
EPSS Percentile34.34th
PublishedJan 12, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.

Affected Platforms (CPE)

πŸ“¦
Sap

Maxdb

<= 7.6.3_build_007

References & Advisories

πŸ”— http://aluigi.altervista.org/adv/sapone-adv.txt
πŸ”— http://secunia.com/advisories/28409
πŸ”— http://securityreason.com/securityalert/3536
πŸ”— http://www.securityfocus.com/archive/1/486039/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/27206
πŸ”— http://www.securitytracker.com/id?1019171
πŸ”— http://www.vupen.com/english/advisories/2008/0104
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/39573

Related Vulnerabilities

CVE-2005-127410.0

Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote ...

CVE-2005-068410.0

Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (...

CVE-2004-116810.0

Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbit...

CVE-2006-430510.0

Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name wh...