Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rconfig rconfig 3.9.5 vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2020-25351
An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated malicious users to read files on the system via a crafted request sent to to the /lib/crud/configcompare.crud.php script.
Rconfig Rconfig 3.9.5
3.5
CVSSv2
CVE-2020-25352
A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote malicious users to perform arbitrary Javascript execution through entering a crafted payload into the 'Model...
Rconfig Rconfig 3.9.5
4
CVSSv2
CVE-2020-25353
A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated malicious users to open a connection to the machine via the deviceIpAddr and connPort parameters.
Rconfig Rconfig 3.9.5
6.4
CVSSv2
CVE-2020-25359
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext pa...
Rconfig Rconfig 3.9.5
5
CVSSv2
CVE-2020-23148
The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing malicious users to perform a LDAP injection and obtain sensitive information via a crafted POST request.
Rconfig Rconfig 3.9.5
5
CVSSv2
CVE-2020-23149
The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing malicious users to perform a SQL injection and access sensitive database information.
Rconfig Rconfig 3.9.5
5
CVSSv2
CVE-2020-23150
A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows malicious users to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php.
Rconfig Rconfig 3.9.5
7.5
CVSSv2
CVE-2020-23151
rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped.
Rconfig Rconfig 3.9.5
6.5
CVSSv2
CVE-2020-15714
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the malicious user to view, add, modify, or delete information in the back-end dat...
Rconfig Rconfig 3.9.5
6.5
CVSSv2
CVE-2020-15713
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the malicious user to view, add, modify, or delete information in the back-end database.
Rconfig Rconfig 3.9.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAP
CVE-2024-4367
server-side request forgery
information disclosure
CVE-2024-34342
CVE-2024-4281
CVE-2024-3507
CVE-2024-25560
CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »