CVE-2008-5448

🗓️ 14 Jan 2009 01:00:00Reported by oracleType

cve

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 63 Views🌐 WEB

Unspecified vulnerability in Oracle Secure Backup componen

Reporter	Title	Published	Views	Family All 22
Circl	CVE-2008-5448	29 May 201815:50	–	circl
Check Point Advisories	Oracle Secure Backup Multiple Command Injections (CVE-2008-4006; CVE-2008-5448; CVE-2008-5449)	23 Feb 200900:00	–	checkpoint_advisories
Cvelist	CVE-2008-5448	14 Jan 200901:00	–	cvelist
d2	DSquare Exploit Pack: D2SEC_ORA_SECBACK	14 Jan 200901:30	–	d2
Dsquare	Oracle Secure Backup 10.2.0.2 RCE (Linux)	27 Apr 201200:00	–	dsquare
Dsquare	Oracle Secure Backup 10.2.0.2 RCE (Windows)	27 Apr 201200:00	–	dsquare
Metasploit	Oracle Secure Backup exec_qr() Command Injection Vulnerability	23 Feb 200916:26	–	metasploit
NVD	CVE-2008-5448	14 Jan 200901:30	–	nvd
OpenVAS	Ubuntu USN-708-1 (hplip)	20 Jan 200900:00	–	openvas
OpenVAS	Ubuntu USN-707-1 (cupsys)	5 Jun 200900:00	–	openvas

NVD

Node

oracle secure_backupMatch10.2.0.2

Source	Link
vupen	www.vupen.com/english/advisories/2009/0115
securityfocus	www.securityfocus.com/bid/33177
oracle	www.oracle.com/technetwork/topics/security/cpujan2009-097901.html
secunia	www.secunia.com/advisories/33525

Parameter	Position	Path	Description	CWE
rbtool	query param	/login.php?clear=no&ora_osb_lcookie=&ora_osb_bgcookie=&button=Logout&rbtool=	Command injection via rbtool parameter in login.php to execute an arbitrary command constructed in CMD.	CWE-77

16 Jun 2026 22:59Current

5.8Medium risk

Vulners AI Score5.8

CVSS 210

EPSS0.3857

oracle secure backup vulnerability nvd cve-2008-5448