Security Advisory

CVE-2026-28516

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-27 22:11:52
Last updated 2026-05-11 23:11:32
Assigner VulnCheck
State PUBLISHED

Description

openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation, without prepared statements or proper input sanitization. An authenticated user can execute arbitrary SQL statements against the underlying database.
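
The pattern described above, shown as an added illustration (not openDCIM source code): a configuration update built by string interpolation next to the same update using a prepared statement. The table `demo_config`, its columns, the function names and the input value are hypothetical and constructed for this example, which uses an in-memory SQLite database through PDO so it runs offline.

```php
<?php
// Added illustration; not openDCIM code. Table, columns, function names
// and sample data are hypothetical and constructed for this example.

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE demo_config (Parameter TEXT PRIMARY KEY, Value TEXT)");
    $db->exec("INSERT INTO demo_config VALUES ('OrgName','Example Org'), ('TimeZone','UTC')");
    return $db;
}

// Vulnerable pattern: caller input becomes part of the statement text,
// so quote characters in it can change what the statement does.
function updateInterpolated(PDO $db, string $param, string $value): int {
    return $db->exec("UPDATE demo_config SET Value='$value' WHERE Parameter='$param'");
}

// Hardened pattern: the statement text is fixed at prepare time and the
// input is passed only as bound data, never parsed as SQL.
function updatePrepared(PDO $db, string $param, string $value): int {
    $stmt = $db->prepare('UPDATE demo_config SET Value = :value WHERE Parameter = :param');
    $stmt->execute([':value' => $value, ':param' => $param]);
    return $stmt->rowCount();
}

// Constructed input: a quote followed by a SQL comment marker.
$input = "x' --";

// Interpolated: the quote closes the literal and the comment marker hides
// the WHERE clause, so the update is no longer limited to one parameter.
$rows = updateInterpolated(makeDb(), 'OrgName', $input);
echo "interpolated: rows changed = $rows\n";

// Prepared: the same input is stored verbatim in the single targeted row.
$db = makeDb();
$rows = updatePrepared($db, 'OrgName', $input);
$stored = $db->query("SELECT Value FROM demo_config WHERE Parameter='OrgName'")->fetchColumn();
echo "prepared: rows changed = $rows, stored value = $stored\n";
```

When reviewing a code base for this class of bug, any SQL string containing a PHP variable inside the quotes is a candidate for conversion to bound parameters.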