CVE-2013-3632

Published: Sep 29, 2014Modified: May 6, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.

Affected (1)

Products: Openmediavault: Openmediavault

Openmediavault

1 product

Openmediavault

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openmediavault Openmediavault	All versions

Related CWEs

CWE-264

References (11)

http://osvdb.org/99143

Source: cret@cert.org

http://www.exploit-db.com/exploits/29323

Source: cret@cert.org

Exploit

http://www.securityfocus.com/bid/62873

Source: cret@cert.org

https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one

Source: cret@cert.org

https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats

Source: cret@cert.org

Exploit

http://osvdb.org/99143