Lucene search
+L

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:23 p.m.10 views

CVE-2020-26124

openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because jsonencodesafe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating...

9CVSS7.6AI score0.67168EPSS
Exploits4
OpenVAS
OpenVAS
added 2023/09/25 12:0 a.m.19 views

Openmediavault < 3.0.100, 4.x < 4.1.36, 5.x < 5.5.12 PHP Code Injection Vulnerability.

Openmediavault is prone to a PHP code injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9CVSS8.5AI score0.67168EPSS
Exploits4References1
Metasploit
Metasploit
added 2020/11/25 9:9 p.m.84 views

OpenMediaVault rpc.php Authenticated PHP Code Injection

This module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "jsonencodesafe" is not used in config/databasebackend.inc. Successful...

9CVSS8.5AI score0.67168EPSS
Exploits4
0day.today
0day.today
added 2020/11/25 12:0 a.m.59 views

OpenMediaVault rpc.php Authenticated PHP Code Injection Exploit

This Metasploit module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "jsonencodesafe" is not used in config/databasebackend.inc...

9CVSS9.1AI score0.67168EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/11/25 12:0 a.m.685 views

OpenMediaVault rpc.php Authenticated PHP Code Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenMediaVault rpc.php Authenticated PHP Code Injection', 'Description' = %q This module exploits an authenticated PHP code injection vulnerabili...

9CVSS0.5AI score0.67168EPSS
Exploits4
Circl
Circl
added 2020/11/24 7:51 p.m.11 views

CVE-2020-26124

creationtimestamp| type| source ---|---|--- 2020-11-24 19:51:04+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/openmediavaultrpcrce.rb 2025-02-06 03:13:44+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:26+00:00| seen|...

9CVSS8.3AI score0.67168EPSS
Exploits4References1
Cvelist
Cvelist
added 2020/10/02 8:28 a.m.47 views

CVE-2020-26124

openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because jsonencodesafe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating...

9.1AI score0.67168EPSS
Exploits4References3
CVE
CVE
added 2020/10/02 8:28 a.m.89 views

CVE-2020-26124

OpenMediaVault is affected by CVE-2020-26124: authenticated PHP code injection via the sortfield POST parameter to rpc.php, caused by missing json_encode_safe in config/databasebackend.inc. Successful exploitation allows arbitrary root command execution. Affected versions: OpenMediaVault before 4...

9CVSS8.9AI score0.67168EPSS
Exploits4References3Affected Software1
Rows per page
Query Builder