CVE-2025-50674
- EPSS 0.04%
- Veröffentlicht 22.08.2025 00:00:00
- Zuletzt bearbeitet 12.09.2025 19:42:37
An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root.
- EPSS 80.28%
- Veröffentlicht 02.10.2020 09:15:13
- Zuletzt bearbeitet 21.11.2024 05:19:17
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitr...
CVE-2017-1000065
- EPSS 0.35%
- Veröffentlicht 17.07.2017 13:18:18
- Zuletzt bearbeitet 20.04.2025 01:37:25
Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated clien...
- EPSS 78.91%
- Veröffentlicht 29.09.2014 22:55:08
- Zuletzt bearbeitet 12.04.2025 10:46:40
The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.