CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2008-0244

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1230%
EPSS Percentile34.34th
Published2008年1月12日
Last Modified2026年4月23日

Vulnerability Description

SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.

Affected Platforms (CPE)

📦
Sap

Maxdb

<= 7.6.3_build_007

References & Advisories

🔗 http://aluigi.altervista.org/adv/sapone-adv.txt
🔗 http://secunia.com/advisories/28409
🔗 http://securityreason.com/securityalert/3536
🔗 http://www.securityfocus.com/archive/1/486039/100/0/threaded
🔗 http://www.securityfocus.com/bid/27206
🔗 http://www.securitytracker.com/id?1019171
🔗 http://www.vupen.com/english/advisories/2008/0104
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/39573

相關漏洞威脅

CVE-2005-127410.0

Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote ...

CVE-2005-068410.0

Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (...

CVE-2004-116810.0

Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbit...

CVE-2006-430510.0

Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name wh...