CVE-2020-26124

Published: Oct 2, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root.

Affected (2)

Products: Openmediavault: Openmediavault

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openmediavault Openmediavault	Before 4.1.36
Openmediavault Openmediavault	From 5.0.0 to 5.5.12

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

http://packetstormsecurity.com/files/160223/OpenMediaVault-rpc.php-Authenticated-PHP-Code-Injection.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://github.com/openmediavault/openmediavault/commit/ebb51bbf5a39f4955eab0073bf87f2a31926d85d

Source: cve@mitre.org

PatchThird Party Advisory

https://www.openmediavault.org/?p=2797

Source: cve@mitre.org

Vendor Advisory

http://packetstormsecurity.com/files/160223/OpenMediaVault-rpc.php-Authenticated-PHP-Code-Injection.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://github.com/openmediavault/openmediavault/commit/ebb51bbf5a39f4955eab0073bf87f2a31926d85d

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.openmediavault.org/?p=2797

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.