CVE-2013-3632

Summary

The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.

Impact & exploitability

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products we track (1)

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information

• NVD record
• http://osvdb.org/99143
• http://www.securityfocus.com/bid/62873
• https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one
• http://www.exploit-db.com/exploits/29323Exploit
• https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treatsExploit