Vulnerability Details : CVE-2009-1978
Public exploit exists!
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows remote authenticated users to execute arbitrary code with SYSTEM privileges via vectors involving property_box.php.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2009-1978
Probability of exploitation activity in the next 30 days: 82.19%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2009-1978
-
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
Disclosure Date: 2009-08-18First seen: 2020-04-26auxiliary/admin/oracle/osb_execqr2This module exploits an authentication bypass vulnerability in login.php in order to execute arbitrary code via a command injection vulnerability in property_box.php. This module was tested against Oracle Secure Backup version 10.3.0.1.0 (Win32). Autho
CVSS scores for CVE-2009-1978
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST |
References for CVE-2009-1978
- http://www.securitytracker.com/id?1022565
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/51762
-
http://www.zerodayinitiative.com/advisories/ZDI-09-059/
-
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
Page not found | Oracle
-
http://www.vupen.com/english/advisories/2009/1900
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.securityfocus.com/bid/35678
Products affected by CVE-2009-1978
- cpe:2.3:a:oracle:secure_backup:10.2.0.3:*:*:*:*:*:*:*