Openmediavault Remote Code Execution / Local Privilege Escalation

Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive reverse shell connections.

admin can code code execution commands connections escalation exploiting local local privilege escalation privilege privilege escalation privileges remote code remote code execution result reverse reverse shell root run shell the web vulnerability web