CVE-2008-0244

Description

SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.

CVSS Version 2.0

nvd

CVE ID: CVE-2008-0244
Base Score: 10.0
Base Severity: HIGH
Vector String:AV:N/AC:L/Au:N/C:C/I:C/A:C

Content on GitHub

gregkcarson | watchers:0

sapmdbret
This is a functional proof of concept program to aid in exploiting systems vulnerable to CVE 2008-0244. This vulnerability specifically relates to issues in how the SAP MaxDB protocol handles specially crafted packets. It is possible to execute system level commands remotely.

Refrence: GitHub

Refrence: NVD