SRC-2016-0025 : Oracle Knowledge Management Forum Attachment Upload Remote Code Execution Vulnerability



CVSS Score:

8.5, (AV:N/AC:L/Au:S/C:C/I:C/A:N)

Affected Vendors:


Affected Products:

Oracle Knowledge Management

Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Knowledge Management. Authentication is not required to exploit this vulnerability.

The infocenter forum application allows remote attackers to write arbitrary files into the web application root directory using the fileattached parameter. An attacker could leverage this to execute arbitrary code under the context of SYSTEM.

Vendor Response:

Oracle has issued an update to correct this vulnerability. More details can be found at:

Disclosure Timeline:

  • 2015-02-10 – Verified and sold to Beyond Security
  • 2016-07-19 – Coordinated public release of advisory

Proof of Concept:


This vulnerability was discovered by Steven Seeley of Source Incite


Source Incite would like to acknowledge Beyond Security’s SSD program for the help with co-ordination of this vulnerability.