Browse all 4 CVE security advisories affecting openDCIM. AI-powered Chinese analysis, POCs, and references for each vulnerability.
openDCIM serves as an open-source data center infrastructure management solution for tracking assets, capacity, and power usage. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, primarily stemming from input validation flaws and insecure default configurations. The application's web interface has been particularly susceptible to XSS attacks due to insufficient sanitization of user inputs. While no major security incidents have been widely documented, the presence of four CVEs indicates ongoing security challenges. The software's modular architecture and extensive configuration options require careful hardening to mitigate risks, particularly for internet-exposed deployments where unpatched vulnerabilities could lead to complete system compromise.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28517 | openDCIM <= 23.04 OS Command Injection via dot Configuration Parameter — openDCIMCWE-78 | 9.8 | - | 2026-02-27 |
| CVE-2026-28516 | openDCIM <= 23.04 SQL Injection in Config::UpdateParameter — openDCIMCWE-89 | 8.8 | - | 2026-02-27 |
| CVE-2026-28515 | openDCIM <= 23.04 Missing Authorization in install.php — openDCIMCWE-862 | 8.8 | - | 2026-02-27 |
| CVE-2025-48701 | openDCIM SQL注入漏洞 — openDCIMCWE-89 | 5.4 | Medium | 2025-05-23 |
This page lists every published CVE security advisory associated with openDCIM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.