Titre complet: OpenMediaVault rpc.php Authenticated PHP Code Injection Exploit 
Catégorie: remote exploits
Plateforme: php
This Metasploit module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "json_encode_safe()" is not used in config/databasebackend.inc. Successful exploitation grants attackers the ability to execute arbitrary commands on the underlying operating system as root.

# 0day.today @ http://0day.today/