CVE-2013-3632 Information

Description

The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.

Reference

http://osvdb.org/99143 http://www.exploit-db.com/exploits/29323 http://www.securityfocus.com/bid/62873 https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats