Full title: OpenMediaVault rpc.php Authenticated Cron Remote Code Execution Exploit 
Category: remote exploits
Platform: php
OpenMediaVault allows an authenticated user to create cron jobs as root on the system. An attacker can abuse this by sending a POST request via rpc.php to schedule and execute a cron entry that runs arbitrary commands as root on the system. All OpenMediaVault versions including the latest release 7.4.2-2 are vulnerable.

# 0day.today @ http://0day.today/