cve/2007/CVE-2007-3010.md

### [CVE-2007-3010](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3010)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

### POC

#### Reference
- http://marc.info/?l=full-disclosure&m=119002152126755&w=2
- http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php

#### Github
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors