CVE-2020-26124

Опубликовано: 02 окт. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Высокий

Описание

openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root.

Ссылки

http://packetstormsecurity.com/files/160223/OpenMediaVault-rpc.php-Authenticated-PHP-Code-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/openmediavault/openmediavault/commit/ebb51bbf5a39f4955eab0073bf87f2a31926d85d
Patch
Third Party Advisory
https://www.openmediavault.org/?p=2797
Vendor Advisory
http://packetstormsecurity.com/files/160223/OpenMediaVault-rpc.php-Authenticated-PHP-Code-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/openmediavault/openmediavault/commit/ebb51bbf5a39f4955eab0073bf87f2a31926d85d
Patch
Third Party Advisory
https://www.openmediavault.org/?p=2797
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openmediavault:openmediavault:*:*:*:*:*:*:*:*

Версия до 4.1.36 (исключая)

cpe:2.3:a:openmediavault:openmediavault:*:*:*:*:*:*:*:*

Версия от 5.0.0 (включая) до 5.5.12 (исключая)

EPSS

Процентиль: 99%

0.80279

Высокий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-f68r-v9vp-fxgw

github

больше 3 лет назад