CVE-2020-26124

Public exploit
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root.
Max CVSS
9.0
EPSS Score
60.16%
Published
2020-10-02
Updated
2022-01-06
Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser.
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-07-17
Updated
2017-07-21

CVE-2013-3632

Public exploit
The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.
Max CVSS
9.0
EPSS Score
82.79%
Published
2014-09-29
Updated
2014-09-30
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!