CVE-2008-0244

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
12/01/2008
Last modified:
09/04/2025

Description

SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:sap:maxdb:*:*:*:*:*:*:*:* 7.6.3_build_007 (including)