Search criteria
4 vulnerabilities by opendcim
CVE-2026-28517 (GCVE-0-2026-28517)
Vulnerability from cvelistv5 – Published: 2026-02-27 22:12 – Updated: 2026-05-25 23:41
VLAI
Title
openDCIM <= 23.04 OS Command Injection via dot Configuration Parameter
Summary
openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in report_network_map.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec() without validation or sanitization. If an attacker can modify the fac_Config.dot value, arbitrary commands may be executed in the context of the web server process.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://chocapikk.com/posts/2026/opendcim-sqli-to-rce/ | technical-descriptionexploit |
| https://github.com/Chocapikk/opendcim-exploit | exploit |
| https://github.com/opendcim/openDCIM/pull/1664 | issue-tracking |
| https://github.com/opendcim/openDCIM/pull/1664/ch… | patch |
| https://github.com/opendcim/openDCIM/blob/4467e9c… | |
| https://github.com/opendcim/openDCIM/blob/4467e9c… | |
| https://www.vulncheck.com/advisories/opendcim-os-… | third-party-advisory |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28517",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T21:47:42.462140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T21:47:52.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "openDCIM",
"repo": "https://github.com/opendcim/openDCIM",
"vendor": "openDCIM",
"versions": [
{
"lessThanOrEqual": "23.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Valentin Lobstein (Chocapikk)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in report_network_map.php. The application retrieves the \u0027dot\u0027 configuration parameter from the database and passes it directly to exec() without validation or sanitization. If an attacker can modify the fac_Config.dot value, arbitrary commands may be executed in the context of the web server process."
}
],
"value": "openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in report_network_map.php. The application retrieves the \u0027dot\u0027 configuration parameter from the database and passes it directly to exec() without validation or sanitization. If an attacker can modify the fac_Config.dot value, arbitrary commands may be executed in the context of the web server process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T23:41:51.691Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://chocapikk.com/posts/2026/opendcim-sqli-to-rce/"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Chocapikk/opendcim-exploit"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/opendcim/openDCIM/pull/1664"
},
{
"tags": [
"patch"
],
"url": "https://github.com/opendcim/openDCIM/pull/1664/changes/8f7ab2a710086a9c8c269560793e47c577ddda09"
},
{
"url": "https://github.com/opendcim/openDCIM/blob/4467e9c4/report_network_map.php#L7"
},
{
"url": "https://github.com/opendcim/openDCIM/blob/4467e9c4/report_network_map.php#L467"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/opendcim-os-command-injection-via-dot-configuration-parameter"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "openDCIM \u003c= 23.04 OS Command Injection via dot Configuration Parameter",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-28517",
"datePublished": "2026-02-27T22:12:08.889Z",
"dateReserved": "2026-02-27T21:07:55.466Z",
"dateUpdated": "2026-05-25T23:41:51.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28516 (GCVE-0-2026-28516)
Vulnerability from cvelistv5 – Published: 2026-02-27 22:11 – Updated: 2026-05-11 23:11
VLAI
Title
openDCIM <= 23.04 SQL Injection in Config::UpdateParameter
Summary
openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation without prepared statements or proper input sanitation. An authenticated user can execute arbitrary SQL statements against the underlying database.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://chocapikk.com/posts/2026/opendcim-sqli-to-rce/ | technical-descriptionexploit |
| https://github.com/Chocapikk/opendcim-exploit | exploit |
| https://github.com/opendcim/openDCIM/pull/1664 | issue-tracking |
| https://github.com/opendcim/openDCIM/pull/1664/ch… | patch |
| https://github.com/opendcim/openDCIM/blob/4467e9c… | |
| https://github.com/opendcim/openDCIM/blob/4467e9c… | |
| https://www.vulncheck.com/advisories/opendcim-sql… | third-party-advisory |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28516",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T21:47:13.706515Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T21:47:22.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "openDCIM",
"repo": "https://github.com/opendcim/openDCIM",
"vendor": "openDCIM",
"versions": [
{
"lessThanOrEqual": "23.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Valentin Lobstein (Chocapikk)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation without prepared statements or proper input sanitation. An authenticated user can execute arbitrary SQL statements against the underlying database."
}
],
"value": "openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation without prepared statements or proper input sanitation. An authenticated user can execute arbitrary SQL statements against the underlying database."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T23:11:32.162Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://chocapikk.com/posts/2026/opendcim-sqli-to-rce/"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Chocapikk/opendcim-exploit"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/opendcim/openDCIM/pull/1664"
},
{
"tags": [
"patch"
],
"url": "https://github.com/opendcim/openDCIM/pull/1664/changes/8f7ab2a710086a9c8c269560793e47c577ddda09"
},
{
"url": "https://github.com/opendcim/openDCIM/blob/4467e9c4/install.php#L420-L434"
},
{
"url": "https://github.com/opendcim/openDCIM/blob/4467e9c4/config.inc.php#L75-L90"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/opendcim-sql-injection-in-config-updateparameter"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "openDCIM \u003c= 23.04 SQL Injection in Config::UpdateParameter",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-28516",
"datePublished": "2026-02-27T22:11:52.246Z",
"dateReserved": "2026-02-27T21:07:55.466Z",
"dateUpdated": "2026-05-11T23:11:32.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28515 (GCVE-0-2026-28515)
Vulnerability from cvelistv5 – Published: 2026-02-27 22:11 – Updated: 2026-05-11 23:11
VLAI
Title
openDCIM <= 23.04 Missing Authorization in install.php
Summary
openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this functionality regardless of assigned privileges. In deployments where REMOTE_USER is set without authentication enforcement, the endpoint may be accessible without credentials. This allows unauthorized modification of application configuration.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
8 references
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28515",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T21:46:36.933259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T21:46:46.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "openDCIM",
"repo": "https://github.com/opendcim/openDCIM",
"vendor": "openDCIM",
"versions": [
{
"lessThanOrEqual": "23.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Valentin Lobstein (Chocapikk)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this functionality regardless of assigned privileges. In deployments where REMOTE_USER is set without authentication enforcement, the endpoint may be accessible without credentials. This allows unauthorized modification of application configuration."
}
],
"value": "openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this functionality regardless of assigned privileges. In deployments where REMOTE_USER is set without authentication enforcement, the endpoint may be accessible without credentials. This allows unauthorized modification of application configuration."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T23:11:31.383Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://chocapikk.com/posts/2026/opendcim-sqli-to-rce/"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Chocapikk/opendcim-exploit"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/opendcim/openDCIM/pull/1664"
},
{
"tags": [
"patch"
],
"url": "https://github.com/opendcim/openDCIM/pull/1664/changes/8f7ab2a710086a9c8c269560793e47c577ddda09"
},
{
"url": "https://github.com/opendcim/openDCIM/blob/4467e9c4/install.php#L293"
},
{
"url": "https://github.com/opendcim/openDCIM/blob/4467e9c4/install.php#L420-L434"
},
{
"url": "https://github.com/opendcim/openDCIM/blob/4467e9c4/container-install.php#L421-L435"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/opendcim-missing-authorization-in-install-php"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "openDCIM \u003c= 23.04 Missing Authorization in install.php",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-28515",
"datePublished": "2026-02-27T22:11:37.303Z",
"dateReserved": "2026-02-27T21:07:55.465Z",
"dateUpdated": "2026-05-11T23:11:31.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48701 (GCVE-0-2025-48701)
Vulnerability from cvelistv5 – Published: 2025-05-23 00:00 – Updated: 2025-05-23 13:22
VLAI
Summary
openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T13:22:06.691852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T13:22:17.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "openDCIM",
"vendor": "openDCIM",
"versions": [
{
"lessThanOrEqual": "23.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T03:28:57.244Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/opendcim/openDCIM/issues/1601"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-48701",
"datePublished": "2025-05-23T00:00:00.000Z",
"dateReserved": "2025-05-23T00:00:00.000Z",
"dateUpdated": "2025-05-23T13:22:17.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}