Critical severityNVD Advisory· Published Aug 11, 2025· Updated Apr 15, 2026
CVE-2012-10040
CVE-2012-10040
Description
Openfiler v2.x contains a command injection vulnerability in the system.html page. The device parameter is used to instantiate a NetworkCard object, whose constructor in network.inc calls exec() with unsanitized input. An authenticated attacker can exploit this to execute arbitrary commands as the openfiler user. Due to misconfigured sudoers, the openfiler user can escalate privileges to root via sudo /bin/bash without a password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
5- web.archive.org/web/20210922060411/https://itsecuritysolutions.org/2012-09-06-Openfiler-v2.x-multiple-vulnerabilities/nvd
- raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/openfiler_networkcard_exec.rbnvd
- sourceforge.net/projects/openfiler/nvd
- www.exploit-db.com/exploits/21191nvd
- www.openfiler.comnvd
News mentions
0No linked articles in our index yet.