CNNVD-202508-934 Information

CNNVD ID

CNNVD-202508-934

Related CVE

CVE-2012-10040

• CNNVD Published: 2025-08-11

Description (Chinese)

Openfiler是提供了一种部署和管理网络存储的简单方法。 Openfiler 2.x版本存在安全漏洞，该漏洞源于device参数未经验证直接传递给exec函数，可能导致远程代码执行和权限提升。

Description (English)

Openfiller is a simple way to deploy and manage network storage. Openfiler 2.x version has a security loophole, which originates from the unverified direct transmission of the Device parameter to the exec function, which may result in remote code execution and enhanced privileges.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-08-11

Last Modified

2026-02-24

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/ https://sourceforge.net/projects/openfiler/ https://www.openfiler.com/ https://itsecuritysolutions.org/2012-09-06-Openfiler-v2.x-multiple-vulnerabilities/ http://web.archive.org/web/20210922060411/ https://www.exploit-db.com/exploits/21191 https://access.redhat.com/security/cve/cve-2012-10040