
53 matches found

Vulnrichment
added 2026/02/27 10:12 p.m., 3 views

CVE-2026-28517 openDCIM <= 23.04 OS Command Injection via dot Configuration Parameter

openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitization. If an attacker can modify the...

CVSS 9.3, AI score 5.9, EPSS 0.05648
Exploits: 2, References: 7

Cvelist
added 2026/02/27 10:12 p.m., 29 views

CVE-2026-28517 openDCIM <= 23.04 OS Command Injection via dot Configuration Parameter

openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitization. If an attacker can modify the...

CVSS 9.3, EPSS 0.05648
Exploits: 2, References: 7

Vulnrichment
added 2026/02/27 10:11 p.m., 4 views

CVE-2026-28516 openDCIM <= 23.04 SQL Injection in Config::UpdateParameter

openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation without prepared statements or proper input...

CVSS 9.3, AI score 6.1, EPSS 0.0097
Exploits: 2, References: 7

Cvelist
added 2026/02/27 10:11 p.m., 259 views

CVE-2026-28516 openDCIM <= 23.04 SQL Injection in Config::UpdateParameter

openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation without prepared statements or proper input...

CVSS 9.3, EPSS 0.0097
Exploits: 2, References: 7

CVE
added 2026/02/27 10:11 p.m., 14 views

CVE-2026-28516

OpenDCIM 23.04 (commit 4467e9c4) contains a SQL injection in Config::UpdateParameter. install.php and container-install.php interpolate user input into SQL without prepared statements, allowing an authenticated user to execute arbitrary SQL against the database. The vulnerability is documented as...

CVSS 9.3, AI score 6.1, EPSS 0.0097
Exploits: 2, References: 7, Affected Software: 1

ATTACKERKB
added 2026/02/27 10:11 p.m., 6 views

CVE-2026-28516

openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation without prepared statements or proper input...

CVSS 9.3, AI score 6.1, EPSS 0.0097
Exploits: 2, References: 8

Cvelist
added 2026/02/27 10:11 p.m., 267 views

CVE-2026-28515 openDCIM <= 23.04 Missing Authorization in install.php

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

CVSS 9.3, EPSS 0.01157
Exploits: 3, References: 8

Vulnrichment
added 2026/02/27 10:11 p.m., 6 views

CVE-2026-28515 openDCIM <= 23.04 Missing Authorization in install.php

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

CVSS 9.3, AI score 5.9, EPSS 0.01157
Exploits: 3, References: 8

ATTACKERKB
added 2026/02/27 10:11 p.m., 9 views

CVE-2026-28515

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

CVSS 9.3, AI score 5.9, EPSS 0.01157
Exploits: 3, References: 9

CVE
added 2026/02/27 10:11 p.m., 38 views

CVE-2026-28515

CVE-2026-28515 overview (openDCIM 23.04 and earlier commits 4467e9c4): The installer and upgrade/LDAP configuration endpoints (install.php and container-install.php) fail to enforce application role checks, allowing any authenticated user to modify configuration when REMOTE_USER is set or when cr...

CVSS 9.3, AI score 5.9, EPSS 0.01157
In wild, Exploits: 3, References: 8, Affected Software: 1

GithubExploit
added 2026/02/27 7:37 p.m., 254 views

Exploit for CVE-2026-28515

openDCIM - SQLi to RCE via Config Poisoning Remote code execu...

AI score 6.4, EPSS 0.05648
Exploits: 5

Positive Technologies
added 2026/02/27 12:0 a.m., 7 views

PT-2026-22427

Name of the Vulnerable Software and Affected Versions: openDCIM versions 23.04 through commit 4467e9c4. Description: The application retrieves the dot configuration parameter from the database and passes it directly to the exec function without validation or sanitization. If an attacker can modify the...

CVSS 9.8, AI score 6, EPSS 0.05648
Exploits: 2, References: 18

CNNVD
added 2026/02/27 12:0 a.m., 7 views

openDCIM OS Command Injection Vulnerability

openDCIM is an open-source data center inventory management (DCIM) application. Version 23.04 of openDCIM contains a vulnerability related to operating system command injection. This vulnerability stems from the lack of validation or cleanup of user input in the reportnetworkmap.php file, which may...

CVSS 9.8, AI score 5.8, EPSS 0.05648
Exploits: 2, References: 8

CNNVD
added 2026/02/27 12:0 a.m., 8 views

openDCIM Security Vulnerability

openDCIM is an open-source data center inventory management (DCIM) application. Version 23.04 of openDCIM contains a security vulnerability. This vulnerability stems from the lack of authorization checks in the install.php and container-install.php files, which may allow unauthorized application...

CVSS 9.3, AI score 5.8, EPSS 0.01157
Exploits: 3, References: 9

CNNVD
added 2026/02/27 12:0 a.m., 7 views

openDCIM SQL Injection Vulnerability

openDCIM is an open-source data center inventory management (DCIM) application. Version 23.04 of openDCIM contains a SQL injection vulnerability. This vulnerability stems from the use of Config::UpdateParameter without using prepared statements or input sanitization, which may lead to SQL injection...

CVSS 9.3, AI score 5.8, EPSS 0.0097
Exploits: 2, References: 8

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-28914

Malicious code in bioql PyPI...

CVSS 5.1, AI score 4.7, EPSS 0.00246
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-28242

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6.5, EPSS 0.00193
Exploits: 0, References: 1

CNVD
added 2025/09/15 12:0 a.m., 2 views

openDCIM Cross-Site Scripting Vulnerability

openDCIM is an open-source data center inventory management (DCIM) application. openDCIM version 23.04 has a cross-site scripting vulnerability; the vulnerability stems from a lack of effective filtering and escaping of user-supplied data in the Filedata parameter of the file /scripts/uploadifive.php,...

CVSS 5.1, AI score 5.1, EPSS 0.00246
Exploits: 0, References: 1

RedhatCVE
added 2025/09/13 2:20 p.m., 10 views

CVE-2025-10253

A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been...

CVSS 5.1, AI score 5.5, EPSS 0.00246
Exploits: 0, References: 1

NVD
added 2025/09/11 2:15 p.m., 2 views

CVE-2025-10253

A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been...

CVSS 5.1, EPSS 0.00246
Exploits: 0, References: 4