
CVE-2020-26124: New security updates available | openmediavault

openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root.


The following versions need to be updated immediately because of an authenticated PHP code injection vulnerability (CVE-2020-26124).

openmediavault 3.0.100

  • Add Debian security repository.
  • Disable jessie-backports repository.
  • Fix ‘Authenticated PHP Code Injection’ reported by Anastasios Stasinopoulos (@ancst) – Obrela Labs Team.

openmediavault 4.1.36

  • Fix ‘Authenticated PHP Code Injection’ reported by Anastasios Stasinopoulos (@ancst) – Obrela Labs Team.

openmediavault 5.5.12

  • Update locales.
  • Fix ‘Authenticated PHP Code Injection’ reported by Anastasios Stasinopoulos (@ancst) – Obrela Labs Team.
  • Issue #816: If you have assigned a comment to a user, you can’t delete the comment.
  • Issue #819: Dashboard on mobile not adjusting to 100% screen size.
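
The fixed releases listed above can be turned into a host check. The script below is an added example, not code from openmediavault or from the advisory; the function names (`fixed_for`, `ver_lt`, `omv_status`) and the status words are made up for illustration. It assumes the Debian package is named `openmediavault` and that branches after 5.x are outside the advisory's scope.

```shell
#!/bin/sh
# Added example (not from openmediavault): triage a package version
# against the fixed releases listed in the advisory for CVE-2020-26124.

# Fixed release for each major branch, as listed in the advisory.
fixed_for() {
    case "$1" in
        3) echo 3.0.100 ;;
        4) echo 4.1.36 ;;
        5) echo 5.5.12 ;;
        *) return 1 ;;
    esac
}

# ver_lt A B: succeeds when dotted numeric version A is lower than B.
ver_lt() {
    [ "$1" != "$2" ] || return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# omv_status VERSION: prints vulnerable, fixed, unlisted or unknown.
omv_status() {
    v=${1#*:}                       # drop a Debian epoch, if any
    v=${v%%-*}                      # drop the Debian revision ("-1")
    case "$v" in
        ''|.*|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    major=${v%%.*}
    if [ "$major" -lt 3 ]; then
        echo vulnerable             # CVE text: everything before 4.1.36
    elif fixed=$(fixed_for "$major"); then
        if ver_lt "$v" "$fixed"; then echo vulnerable; else echo fixed; fi
    else
        echo unlisted               # assumption: branches after 5.x are not covered
    fi
}

# On a Debian host, check the installed package (skipped if dpkg-query is absent).
if command -v dpkg-query >/dev/null 2>&1; then
    installed=$(dpkg-query -W -f='${Version}' openmediavault 2>/dev/null || true)
    [ -z "$installed" ] || echo "openmediavault $installed: $(omv_status "$installed")"
fi
```

A `vulnerable` result on a branch older than 3.x means the advisory names no fixed release for that branch.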
