CVE-2013-3632

The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
certccCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
openmediavaultopenmediavault
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/99143
http://www.exploit-db.com/exploits/29323
http://www.securityfocus.com/bid/62873
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
http://osvdb.org/99143
http://www.exploit-db.com/exploits/29323
http://www.securityfocus.com/bid/62873
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
https://packetstormsecurity.com/files/179859