module
OpenMediaVault rpc.php Authenticated Cron Remote Code Execution
| Disclosed |
|---|
| Oct 30, 2013 |
Disclosed
Oct 30, 2013
Description
OpenMediaVault allows an authenticated user to create cron jobs as root on the system.
An attacker can abuse this by sending a POST request via rpc.php to schedule and execute
a cron entry that runs arbitrary commands as root on the system.
All OpenMediaVault versions including the latest release 7.4.2-2 are vulnerable.
An attacker can abuse this by sending a POST request via rpc.php to schedule and execute
a cron entry that runs arbitrary commands as root on the system.
All OpenMediaVault versions including the latest release 7.4.2-2 are vulnerable.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.