module

OpenMediaVault rpc.php Authenticated PHP Code Injection

Disclosed
Sep 28, 2020

Description

This module exploits an authenticated PHP code injection
vulnerability in the "sortfield" POST parameter of the rpc.php
page in openmediavault versions before 4.1.36 and 5.x versions
before 5.5.12 inclusive. The flaw exists because
"json_encode_safe()" is not used in config/databasebackend.inc.
Successful exploitation allows an attacker to execute arbitrary
commands on the underlying operating system as root.