CVE-2019-16293
Description
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated users can execute arbitrary OS commands via a crafted URL field in Open-AudIT Create Discoveries feature before 3.2.0.
Vulnerability
The Create Discoveries feature in Open-AudIT before 3.2.0 does not properly sanitize the URL field. An authenticated attacker with Discovery Create permissions can inject malicious characters that are passed to the command line executing the discovery script, leading to OS command injection [1].
Exploitation
The attacker must be authenticated and have a role with permission to edit or create discoveries. By injecting special characters into the URL field on the Create Discoveries template, the field contents are passed directly to the command line and executed [1].
Impact
Successful exploitation allows arbitrary OS command execution with the privileges of the web server process, potentially leading to full system compromise [1].
Mitigation
This issue is fixed in Open-AudIT 3.2.0, released in September 2019. Users are advised to upgrade immediately. No workarounds are available; restricting permissions to only trusted users reduces risk [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Open-AudIT/Open-AudITdescription
- Range: <3.2.0
Patches
17c83163325cdFix - remove config->item() from tests and replace with config->config[] because old PHP.
3 files changed · +3 −3
code_igniter/application/controllers/include_dictionary.php+1 −1 modified@@ -211,7 +211,7 @@ if ($table == 'collectors') { $dictionary->sentence = 'Open-AudIT Enterprise includes Collectors. Have a single Open-AudIT server control many other servers that perform discovery and collect device information.'; - if ($this->config->item('oae_product') !== 'Open-AudIT Cloud') { + if ($this->config->config['oae_product'] !== 'Open-AudIT Cloud') { $dictionary->about = '<p>The Collectors feature enables you to easily manage many "collector" computers that perform network discovery. All Collectors are centrally controlled from the Server. The only required network ports between the Collector and the Server are 80 and/or 443.<br /><br /> It makes managing disparate networks quick, easy and simple. Open-AudIT Enterprise licensees get a single collector license included and have the option to buy more as required..<br /><br /> ' . $link . '<br /><br /></p>';
code_igniter/application/controllers/include_input_discoveries.php+1 −1 modified@@ -1617,7 +1617,7 @@ } } } else { - if (php_uname('s') == 'Windows NT' and exec('whoami') == 'nt authority\system' and !empty($this->config->item('discovery_use_vintage_service')) and $this->config->item('discovery_use_vintage_service') == 'y') { + if (php_uname('s') == 'Windows NT' and exec('whoami') == 'nt authority\system' and !empty($this->config->config['discovery_use_vintage_service']) and $this->config->config['discovery_use_vintage_service'] == 'y') { $log->message = 'Audit result incoming from target.'; $log->severity = 6; discovery_log($log);
code_igniter/application/controllers/rules.php+1 −1 modified@@ -56,7 +56,7 @@ public function __construct() parent::__construct(); $this->load->model('m_rules'); inputRead(); - $this->output->url = $this->config->item('oa_web_index'); + $this->output->url = $this->config->config['oa_web_index']; } /**
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1- community.opmantek.com/display/OA/Errata+-+3.1.2+Security+issue%2C+September+2019mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.