Description
A vulnerability has been discovered in OpenNetAdmin, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused by the application not properly verifying authorisation when /dcm.php is accessed. It can be exploited to access otherwise restricted functionality and, for example, to add arbitrary files on the local file system as modules.
Note: This can further be exploited to execute arbitrary PHP code.
The vulnerability is confirmed in version 13.03.01. Other versions may also be affected.
Vulnerable Products
Vulnerable Software: OpenNetAdmin 13.x
Solution
No official solution is currently available.
CVE
References
Matthew Bryant:
http://packetstormsecurity.com/files/122310/OpenNetAdmin-13.03.01-Remote-Code-Execution.html
Vulnerability Manager Detection
No
IPS Protection