Lucene search
K

9 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/05/14 12:0 a.m.38 views

VulnCheck KEV: CVE-2026-28515

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

9.3CVSS5.8AI score0.01157EPSS
In wildExploits3References3
RedhatCVE
RedhatCVE
added 2026/03/01 1:43 a.m.6 views

CVE-2026-28515

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

9.3CVSS5.9AI score0.01157EPSS
Exploits3References1
EUVD
EUVD
added 2026/02/28 12:31 a.m.8 views

EUVD-2026-9096

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

9.3CVSS5.9AI score0.01157EPSS
Exploits3References9
NVD
NVD
added 2026/02/27 11:16 p.m.7 views

CVE-2026-28515

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

9.3CVSS0.01157EPSS
Exploits3References8
OSV
OSV
added 2026/02/27 10:11 p.m.9 views

CVE-2026-28516 openDCIM <= 23.04 SQL Injection in Config::UpdateParameter

openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation without prepared statements or proper input...

9.3CVSS7.4AI score0.0097EPSS
Exploits2References10
CVE
CVE
added 2026/02/27 10:11 p.m.43 views

CVE-2026-28515

CVE-2026-28515 overview (openDCIM 23.04 and earlier commits 4467e9c4): The installer and upgrade/LDAP configuration endpoints (install.php and container-install.php) fail to enforce application role checks, allowing any authenticated user to modify configuration when REMOTE_USER is set or when cr...

9.3CVSS5.9AI score0.01157EPSS
In wildExploits3References8Affected Software1
Cvelist
Cvelist
added 2026/02/27 10:11 p.m.269 views

CVE-2026-28515 openDCIM <= 23.04 Missing Authorization in install.php

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

9.3CVSS0.01157EPSS
Exploits3References8
OSV
OSV
added 2026/02/27 10:11 p.m.6 views

CVE-2026-28515 openDCIM <= 23.04 Missing Authorization in install.php

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

9.3CVSS7.1AI score0.01157EPSS
Exploits3References11
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.10 views

PT-2026-22426

Name of the Vulnerable Software and Affected Versions openDCIM versions through 23.04 commit 4467e9c4 Description The software contains a SQL injection issue in the Config::UpdateParameter function. The install.php and container-install.php handlers directly incorporate user-provided input into S...

9.3CVSS6.1AI score0.0097EPSS
Exploits2References14
Rows per page
Query Builder