Oracle Secure Backup is a centralized tape backup management solution for Oracle Database.
A vulnerability in the property_box.php script allows remote attackers to inject arbitrary commands via the objectname parameter.
Apply the patch referenced in the Oracle Critical Patch Update - July 2010.
Exploit works on Oracle Secure Backup 10.3.0.1.0 and requires a valid login and password for Oracle Secure Backup Administration Server.
The target must have read access to the specified SMB share.
The login and password of an account with write access to the specified SMB share must be provided.
The target server must be configured to listen on the HTTP port.