CVE-2025-34115
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-15
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| op5 | monitor | 7.1.9 |
| op5 | monitor | 7.2.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authenticated command injection in op5 Monitor version 7.1.9 and earlier. It occurs through the 'cmd_str' parameter in the command_test.php endpoint, which is part of the 'Test this command' feature in the configuration section. A user with valid login credentials and access to this feature can execute arbitrary shell commands as the unprivileged web application user. The vulnerability arises because the input is not properly sanitized, allowing command injection. It can be exploited via a Cross-Site Request Forgery (CSRF) attack by tricking an authenticated user into visiting a malicious link, enabling remote command execution on the server. [1, 2]
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute arbitrary system commands on the affected server with the privileges of the unprivileged web application user. This can lead to unauthorized access to sensitive data, system compromise, and potentially full takeover of the host. For example, an attacker could read sensitive files like /etc/passwd or execute further exploits to escalate privileges. The exploit is trivial to execute once the attacker has an authenticated user to target, making it a critical security risk. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the op5 Monitor instance is running version 7.1.9 or earlier and if the command_test.php endpoint is accessible. One can attempt to verify the version by sending a GET request to the target URI and parsing the version string from the response body. To test for the vulnerability, an authenticated user can send a crafted GET request to the /monitor/op5/nacoma/command_test.php endpoint with the cmd_str parameter containing a harmless command, such as 'id' or 'whoami', to see if the command executes. For example, after authenticating and saving session cookies, using curl:

curl -k -b cookies.txt "https://target/monitor/op5/nacoma/command_test.php?cmd_str=id"

Detection involves confirming that the command output is returned or the request does not result in 'Access Denied'. [2, 1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade op5 Monitor to version 7.2.0 or later, where this vulnerability is fixed. Additionally, restrict access to the web interface to trusted users only, enforce strong authentication, and monitor for suspicious activity involving the command_test.php endpoint. If upgrading immediately is not possible, disable or restrict access to the 'Test this command' feature in the configuration section to prevent exploitation. [1, 2]
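To support the monitoring step above, here is an added example (not code from BaseFortify, VulnCheck or op5) that scans web access logs for requests passing cmd_str to command_test.php and flags shell metacharacters and cross-site Referers. It assumes the Apache/nginx "combined" log format; the names scan, referer_host and SAMPLE, and the host names in the sample lines, are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache/nginx "combined" access-log format (assumed; adapt to your server).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)")?'
)
ENDPOINT = "/monitor/op5/nacoma/command_test.php"  # path given on this page
SHELL_META = re.compile(r"[;&|`$<>\n\\]")  # rarely needed in a plugin test

def referer_host(value):
    """Host part of a Referer header, or None if absent or malformed."""
    try:
        return urlsplit(value or "").hostname
    except ValueError:
        return None

def scan(lines, own_hosts=()):
    """Return one finding per logged request that passes cmd_str to the endpoint."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m["target"].partition("?")
        if not unquote(path).lower().endswith(ENDPOINT):
            continue
        values = parse_qs(query, keep_blank_values=True).get("cmd_str")
        if not values:
            continue
        host = referer_host(m["referer"])
        findings.append({
            "ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
            "cmd_str": values[0],  # percent-decoded by parse_qs
            "shell_meta": bool(SHELL_META.search(values[0])),
            # A Referer from another site matches the CSRF delivery described above.
            "cross_site": host is not None and host not in own_hosts,
        })
    return findings

# Constructed sample log lines (not taken from a real system).
SAMPLE = [
    '198.51.100.7 - - [15/Jul/2025:10:01:02 +0000] "GET /monitor/index.php/tac HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/Jul/2025:10:02:10 +0000] "GET /monitor/op5/nacoma/command_test.php?cmd_str=%2Fopt%2Fplugins%2Fcheck_ping+-H+127.0.0.1 HTTP/1.1" 200 310 "https://monitor.example.test/monitor/op5/nacoma/edit.php" "Mozilla/5.0"',
    '203.0.113.9 - - [15/Jul/2025:10:05:44 +0000] "GET /monitor/op5/nacoma/command_test.php?cmd_str=check_ping%3Bid HTTP/1.1" 200 88 "https://other.example.net/page.html" "Mozilla/5.0"',
]
```

Call scan(SAMPLE, own_hosts={"monitor.example.test"}) with your own monitor host names. Only query strings are visible in access logs, so request bodies are not covered.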