7 matches found
CVE-2018-16988
Open XDMoD
CVE-2026-45777
Open XDMoD (OpenXDMoD): A remote command-injection vulnerability allows an attacker to execute arbitrary system commands on the web server process, affecting versions 9.5.0–11.0.2. Root cause: OS command injection that can compromise confidentiality, integrity, and availability. Impact includes r...
CVE-2018-16960
Open XDMoD
CVE-2026-45778
Open XDMoD
CVE-2018-16961
CVE-2018-16961 affects Open XDMoD up to version 7.5.0, where the file parameter in html/gui/general/dl_publication.php allows path traversal, enabling remote attackers to read PDF files in arbitrary directories. Root cause: improper validation of the file parameter leading to directory traversal....
CVE-2026-45776
Open XDMoD (Open XDMoD) versions prior to 11.0.3 are affected when the optional Job Performance (SUPReMM) module is installed. A flaw in access control allows a crafted HTTPS POST to set a session variable used for authorization, enabling an attacker to view other users’ compute job efficiency me...
CVE-2026-45779
CVE-2026-45779 affects OpenXDMoD: an unauthenticated SQL injection in Open XDMoD versions prior to 10.0.3 can lead to arbitrary SQL execution and complete compromise of the underlying database. The issue impacts all deployments