8 matches found
CVE-2020-26124
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because jsonencodesafe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating...
Openmediavault < 3.0.100, 4.x < 4.1.36, 5.x < 5.5.12 PHP Code Injection Vulnerability.
Openmediavault is prone to a PHP code injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
OpenMediaVault rpc.php Authenticated PHP Code Injection
This module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "jsonencodesafe" is not used in config/databasebackend.inc. Successful...
OpenMediaVault rpc.php Authenticated PHP Code Injection Exploit
This Metasploit module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "jsonencodesafe" is not used in config/databasebackend.inc...
OpenMediaVault rpc.php Authenticated PHP Code Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenMediaVault rpc.php Authenticated PHP Code Injection', 'Description' = %q This module exploits an authenticated PHP code injection vulnerabili...
CVE-2020-26124
creationtimestamp| type| source ---|---|--- 2020-11-24 19:51:04+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/openmediavaultrpcrce.rb 2025-02-06 03:13:44+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:26+00:00| seen|...
CVE-2020-26124
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because jsonencodesafe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating...
CVE-2020-26124
OpenMediaVault is affected by CVE-2020-26124: authenticated PHP code injection via the sortfield POST parameter to rpc.php, caused by missing json_encode_safe in config/databasebackend.inc. Successful exploitation allows arbitrary root command execution. Affected versions: OpenMediaVault before 4...