5 matches found
Openmediavault < 3.0.100, 4.x < 4.1.36, 5.x < 5.5.12 PHP Code Injection Vulnerability.
Openmediavault is prone to a PHP code injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2020-26124
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because jsonencodesafe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating...
Code injection
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because jsonencodesafe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating...
CVE-2020-26124
OpenMediaVault is affected by CVE-2020-26124: authenticated PHP code injection via the sortfield POST parameter to rpc.php, caused by missing json_encode_safe in config/databasebackend.inc. Successful exploitation allows arbitrary root command execution. Affected versions: OpenMediaVault before 4...
CVE-2020-26124
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because jsonencodesafe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating...