Openmediavault · Openmediavault · CVE-2020-26124
**Name of the Vulnerable Software and Affected Versions**
openmediavault versions prior to 4.1.36
openmediavault versions 5.x prior to 5.5.12
**Description**
The issue allows an authenticated attacker to inject PHP code through the `sortfield` POST parameter of `rpc.php`, because `config/databasebackend.inc` builds PHP source from that value without passing it through `json_encode_safe`. A crafted value therefore escapes the intended string literal and is evaluated as PHP by the RPC engine, which runs as root, so the flaw yields arbitrary command execution on the underlying operating system as root. Exploitation requires valid web interface credentials.
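The following is an added illustration of the injection pattern described above and two ways to close it; it is not openmediavault's code. The function names, the comparator template, the allow-list and the sample rows are assumptions made for the example, and the template only approximates the shape of the real bug (a client-supplied sort field spliced into PHP source and evaluated).

```php
<?php
// Added illustration, not openmediavault code: a client-controlled sort
// field spliced into PHP source (the CVE-2020-26124 pattern), a minimal
// escaping fix, and the data-not-code fix. All names are hypothetical.

declare(strict_types=1);

// Constructed sample rows standing in for the records an RPC list call
// would sort.
const SAMPLE_ROWS = [
    ['name' => 'zeta',  'uid' => 1002],
    ['name' => 'alpha', 'uid' => 1001],
    ['name' => 'mid',   'uid' => 1003],
];

// Field names this list legitimately supports (hypothetical allow-list).
const SORTABLE_FIELDS = ['name', 'uid'];

// VULNERABLE: the field name is spliced into source text. A single quote in
// the value ends the literal and everything after it is parsed as code.
function buildComparatorSourceUnsafe(string $sortField): string
{
    return "\$f = '" . $sortField . "';"
         . " return function (array \$a, array \$b) use (\$f): int {"
         . " return strnatcmp((string)\$a[\$f], (string)\$b[\$f]); };";
}

function sortListUnsafe(array $rows, string $sortField): array
{
    $cmp = eval(buildComparatorSourceUnsafe($sortField)); // executes injected code
    usort($rows, $cmp);
    return $rows;
}

// PARTIAL FIX: if source generation cannot be removed, emit the value as a
// properly escaped literal. var_export() yields a single-quoted PHP string
// with \ and ' escaped; a double-quoted literal would still interpolate $.
// (The advisory names json_encode_safe as the routine the real fix applies.)
function buildComparatorSourceEscaped(string $sortField): string
{
    return "\$f = " . var_export($sortField, true) . ";"
         . " return function (array \$a, array \$b) use (\$f): int {"
         . " return strnatcmp((string)\$a[\$f], (string)\$b[\$f]); };";
}

// FULL FIX: no code generation at all. The field name is data captured by a
// closure and is checked against the allow-list before use.
function sortListSafe(array $rows, string $sortField, string $sortDir = 'asc'): array
{
    if (!in_array($sortField, SORTABLE_FIELDS, true)) {
        throw new InvalidArgumentException("unsupported sort field");
    }
    $sign = ($sortDir === 'desc') ? -1 : 1;
    usort($rows, fn(array $a, array $b): int =>
        $sign * strnatcmp((string)$a[$sortField], (string)$b[$sortField]));
    return $rows;
}

// Demonstration. The payload is only rendered as generated source, never
// passed to eval(), so this script is harmless to run.
$payload = "name'; system('id'); \$f = 'name";

echo "Unsafe source for the payload:\n",
     buildComparatorSourceUnsafe($payload), "\n\n";
echo "Escaped source for the same payload (still one string literal):\n",
     buildComparatorSourceEscaped($payload), "\n\n";

echo "Safe sort by name:\n";
foreach (sortListSafe(SAMPLE_ROWS, 'name') as $row) {
    echo "  {$row['uid']} {$row['name']}\n";
}

try {
    sortListSafe(SAMPLE_ROWS, $payload);
} catch (InvalidArgumentException $e) {
    echo "Payload rejected by allow-list: ", $e->getMessage(), "\n";
}
```

Run it with `php example.php` (PHP 7.4 or later for the arrow function). The unsafe template turns the payload into three statements, the second of which is the attacker's command executed at `eval()` time with the privileges of the RPC process; the escaped template keeps the whole value inside one literal. Escaping is the narrowest fix, but the closure plus allow-list removes `eval()` entirely and is the form to prefer when you control the code.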
**Recommendations**
For openmediavault versions prior to 4.1.36, update to version 4.1.36 or later.
For openmediavault versions 5.x prior to 5.5.12, update to version 5.5.12 or later.
As a temporary workaround until the upgrade can be applied, restrict who can reach the web interface and its `rpc.php` endpoint (for example, firewall it to a management network and do not expose it to the internet), and keep web interface credentials limited to trusted administrators, since the attack requires authentication. Note that the `sortfield` value is supplied by the client, so avoiding it in your own RPC calls does not protect against an attacker who sends it; only the upgrade removes the flaw.