OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures.Referenceshttp://www.securityfocus.com/bid/26347https://exchange.xforce.ibmcloud.com/vulnerabilities/38291http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txthttp://secunia.com/advisories/27525
