CVE-2020-26124

HIGH

openmediavault < 4.1.36 and 5.x < 5.5.12 - Authenticated PHP Code Injection via rpc.php sortfield Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-26124. PoCs published by Anastasios Stasinopoulos, including Metasploit module exploits/unix/webapp/openmediavault_rpc_rce.

AI-analyzed exploit summary: This Metasploit module exploits an authenticated PHP code injection vulnerability in OpenMediaVault's rpc.php via the 'sortfield' parameter, allowing arbitrary command execution as root. It includes authentication, version detection, and payload delivery mechanisms.

Description

openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root.

Exploits (1)

metasploit · WORKING POC · EXCELLENT
by Anastasios Stasinopoulos · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/openmediavault_rpc_rce.rb


Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: OpenMediaVault versions before 4.1.36 and 5.x versions before 5.5.12
Auth required
Prerequisites: Valid OpenMediaVault credentials · Network access to the target's rpc.php endpoint
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.6717
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-94
Status published
Products (1)
openmediavault/openmediavault < 4.1.36
Published Oct 02, 2020
Tracked Since Feb 18, 2026