Headline

CVE-2020-26124: New security updates available | openmediavault

openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root.

4 years ago

CVE

Open in Source

#vulnerability #ios #debian #js

The following versions needs to be updated immediately because of an authenticated PHP code injection vulnerability (CVE-2020-26124).

openmediavault 3.0.100

Add Debian security repository.
Disable jessie-backports repository.
Fix ‘Authenticated PHP Code Injection’ reported by Anastasios Stasinopoulos (@ancst) – Obrela Labs Team.

openmediavault 4.1.36

Fix ‘Authenticated PHP Code Injection’ reported by Anastasios Stasinopoulos (@ancst) – Obrela Labs Team.

openmediavault 5.5.12

Update locales.
Fix ‘Authenticated PHP Code Injection’ reported by Anastasios Stasinopoulos (@ancst) – Obrela Labs Team.
Issue #816: If you have assigned a comment to a user, you can’t delete the comment.
Issue #819: Dashboard on mobile not adjusting to 100% screen size.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

10 months ago

10 months ago

10 months ago

10 months ago

10 months ago