Lucene search

K

CVE-2020-26124

🗓️ 02 Oct 2020 09:13:15Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 67 Views

openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root

Show more
Related
Detection
Refs
Nvd

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
02 Oct 2020 09:15Current
8.9High risk
Vulners AI Score8.9
CVSS29
CVSS38.8
EPSS0.205
67
.json
Report