CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-4318

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0440%
EPSS Percentile35.13th
Published2008年9月29日
Last Modified2026年4月23日

Vulnerability Description

Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php.

Affected Platforms (CPE)

📦
Project Observer

Observer

<= 0.3.2.1
📦
Project Observer

Observer

= 0.1.0
📦
Project Observer

Observer

= 0.1.1
📦
Project Observer

Observer

= 0.1.2
📦
Project Observer

Observer

= 0.2.0
📦
Project Observer

Observer

= 0.2.1
📦
Project Observer

Observer

= 0.2.2
📦
Project Observer

Observer

= 0.2.3
📦
Project Observer

Observer

= 0.2.4
📦
Project Observer

Observer

= 0.2.5
📦
Project Observer

Observer

= 0.3.1
📦
Project Observer

Observer

= 0.3.2
📦
Project Observer

Observer

= 0.30-pre-1

References & Advisories

🔗 http://securityreason.com/securityalert/4322
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/45398
🔗 https://www.exploit-db.com/exploits/6559
🔗 http://securityreason.com/securityalert/4322
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/45398
🔗 https://www.exploit-db.com/exploits/6559

相关漏洞威胁

CVE-2018-1874810.0

Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), with...

CVE-2017-82299.8

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. I...

CVE-2017-88359.8

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_7...

CVE-2017-77849.8

A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been fr...