| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| CVE-2026-28515 | 27 Feb 202622:11 | – | attackerkb | |
| The vulnerability of the openDCIM software for managing data centers’ infrastructure lies in the lack of authentication procedures, which allows unauthorized users to gain access to protected information. | 9 Jun 202600:00 | – | bdu_fstec | |
| CVE-2026-28515 | 28 Feb 202601:30 | – | circl | |
| openDCIM 安全漏洞 | 27 Feb 202600:00 | – | cnnvd | |
| CVE-2026-28515 openDCIM <= 23.04 Missing Authorization in install.php | 27 Feb 202622:11 | – | cvelist | |
| Exploit for CVE-2026-28515 | 27 Feb 202619:37 | – | githubexploit | |
| EUVD-2026-9096 | 28 Feb 202600:31 | – | euvd | |
| openDCIM install.php SQL Injection to RCE | 15 Apr 202619:02 | – | metasploit | |
| CVE-2026-28515 | 27 Feb 202623:16 | – | nvd | |
| CVE-2026-28515 openDCIM <= 23.04 Missing Authorization in install.php | 27 Feb 202622:11 | – | osv |
[
{
"defaultStatus": "unknown",
"product": "openDCIM",
"repo": "https://github.com/opendcim/openDCIM",
"vendor": "openDCIM",
"versions": [
{
"lessThanOrEqual": "23.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| LDAPServer | request body | /install.php | SQL injection via LDAP configuration fields in install.php allowing modification of configuration data (fac_Config) and setting up for RCE. | CWE-862 |
| LDAPBaseDN | request body | /install.php | SQL injection via LDAP configuration fields in install.php allowing modification of configuration data (fac_Config) and setting up for RCE. | CWE-862 |
| format | query param | /report_network_map.php | RCE trigger endpoint that uses the poisoned configuration value when calling exec(), enabling remote command execution after prior SQL injection. | CWE-862 |
| containerid | query param | /report_network_map.php | RCE trigger endpoint that uses the poisoned configuration value when calling exec(), enabling remote command execution after prior SQL injection. | CWE-862 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation