CVE-2008-0244

SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in…

mitre·CWE-20·Published 2008-01-12

CVSS

—

EPSS

0.80

KEV

Exploits

cve.orgen

228 chars

SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.

NVDen

228 chars

NVDes

289 chars

SAP MaxDB 7.6.03 build 007 y versiones anteriores, permite que atacantes remotos ejecuten comandos arbitrarios usando "$$", además de otros metacarateres del intéprete de comandos (shell) en exec_sdbinfo, y de otros comandos no especificados, que se ejecutan cuando MaxDB invoca a cons.exe

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	10.0	10.0	10.0	AV:N/AC:L/Au:N/C:C/I:C/A:C