|CVSS SCORE||9, (AV:N/AC:L/Au:S/C:C/I:C/A:C)|
This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability.
The specific flaw exists in the handling of variables to the property_box.php script located on the Oracle Secure Backup administration server. Due to the lack of filtering on special characters it is possible to specify arbitrary commands to the command line being executed by the administration server. Successful exploitation of this can lead to remote compromise under the credentials of the web server.
Oracle has issued an update to correct this vulnerability. More details can be found at: