CVE-2013-3632

Опубликовано: 29 сент. 2014

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Высокий

Описание

The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.

Ссылки

http://osvdb.org/99143
http://www.exploit-db.com/exploits/29323
Exploit
http://www.securityfocus.com/bid/62873
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
Exploit
http://osvdb.org/99143
http://www.exploit-db.com/exploits/29323
Exploit
http://www.securityfocus.com/bid/62873
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
Exploit
https://packetstormsecurity.com/files/179859

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openmediavault:openmediavault:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.7891

Высокий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-9xh9-rv54-r5w7