CVE-2012-0262 Information

Description

op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.

Reference

http://seclists.org/fulldisclosure/2012/Jan/62 http://secunia.com/advisories/47417 http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/ http://www.osvdb.org/78065 https://bugs.op5.com/view.php?id=5094