CVE-2013-3632

Description

The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

• http://osvdb.org/99143
• http://www.exploit-db.com/exploits/29323
• http://www.securityfocus.com/bid/62873
• https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one
• https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
• http://osvdb.org/99143
• http://www.exploit-db.com/exploits/29323
• http://www.securityfocus.com/bid/62873
• https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one
• https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
• https://packetstormsecurity.com/files/179859

CWEs

CWE-264