CVE-2007-3010: CVE-2007-3010

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-3010

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Alcatel-Lucent OmniPCX Enterprise远程命令注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OmniPCX Enterprise是企业级的集成通讯解决方案。 OmniPCX所带的CGI脚本实现上存在输入验证漏洞，远程攻击者可能利用此漏洞在服务器上执行任意命令。 OmniPCX的Web界面所安装的CGI脚本masterCGI提供了ping功能，如果以ping和user参数运行该脚本的话，就可以从Web界面所在的服务器ping任意可到达的IP。ping是在服务器上执行的，运行服务器上所安装的ping程序，但在将user变量传送到shell之前没有进行任何过滤，因此可以在将任何命令注入到user变量中

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2007-3010

#	POC Description	Source Link	Shenlong Link
1	The OmniPCX web interface has a script "masterCGI" with a remote command execution vulnerability via the "user" parameter.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2007/CVE-2007-3010.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2007-3010

Please Login to view more intelligence information

http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.phpx_refsource_MISC
http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htmx_refsource_CONFIRM
http://osvdb.org/40521vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/26853third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/25694vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2007/3185vdb-entryx_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/36632vdb-entryx_refsource_XF
http://www.securityfocus.com/archive/1/479699/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://marc.info/?l=full-disclosure&m=119002152126755&w=2mailing-listx_refsource_FULLDISC
https://nvd.nist.gov/vuln/detail/CVE-2007-3010

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2007-3010

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2007-3010

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2007-3010

III. Intelligence Information for CVE-2007-3010

IV. Related Vulnerabilities

V. Comments for CVE-2007-3010

Leave a comment