Vulnerability Details CVE-2008-1331
cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.609
EPSS Ranking 98.2%
CVSS Severity
CVSS v2 Score 10.0
References
- http://secunia.com/advisories/29798
- http://www.securityfocus.com/archive/1/492383/100/0/threaded
- http://www.securityfocus.com/bid/28758
- http://www.securitytracker.com/id?1020082
- http://www.vupen.com/english/advisories/2008/1057
- http://www1.alcatel-lucent.com/psirt/statements/2008001/OXOrexec.htm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41560
- https://www.exploit-db.com/exploits/5662
- http://secunia.com/advisories/29798
- http://www.securityfocus.com/archive/1/492383/100/0/threaded
- http://www.securityfocus.com/bid/28758
- http://www.securitytracker.com/id?1020082
- http://www.vupen.com/english/advisories/2008/1057
- http://www1.alcatel-lucent.com/psirt/statements/2008001/OXOrexec.htm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41560
- https://www.exploit-db.com/exploits/5662
Products affected by CVE-2008-1331
-
cpe:2.3:a:alcatel-lucent:omnipcx_office:210
-
cpe:2.3:a:alcatel-lucent:omnipcx_office:610