← Back

Openmediavault

openmediavault

Vendor: Openmediavault • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-50674
1Openmediavault
1Openmediavault
Sep 12, 2025
Aug 22, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root.
CVE-2020-26124
1Openmediavault
1Openmediavault
Nov 21, 2024
Oct 2, 2020
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Success...Show more
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root.Show less
CVE-2017-1000065
1Openmediavault
1Openmediavault
May 13, 2026
Jul 17, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and execute malicious scripts...Show more
Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser.Show less
CVE-2013-3632
1Openmediavault
1Openmediavault
May 6, 2026
Sep 29, 2014
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.