CVE-2012-10040 in Openfilerالمعلومات

الملخص

بحسب MITRE • 11/08/2025

Openfiler v2.x contains a command injection vulnerability in the system.html page. The device parameter is used to instantiate a NetworkCard object, whose constructor in network.inc calls exec() with unsanitized input. An authenticated attacker can exploit this to execute arbitrary commands as the openfiler user. Due to misconfigured sudoers, the openfiler user can escalate privileges to root via sudo /bin/bash without a password.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

VulnCheck

حجز

07/08/2025

إفشاء

11/08/2025

الاعتدال

تمت الموافقة

إدخال

VDB-319427

CPE

جاهز

CWE

CWE-78 (مؤكد)

CVSS

8.8 (VulDB)

EPSS

0.56275

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-10040
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-10040
CVE Details	https://www.cvedetails.com/cve/CVE-2012-10040/

التالي ▸نظرة عامة ◂ السابق

Interested in the pricing of exploits?

See the underground prices here!