Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rconfig rconfig 3.9.5 vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2020-25351
An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated malicious users to read files on the system via a crafted request sent to to the /lib/crud/configcompare.crud.php script.
Rconfig Rconfig 3.9.5
356
VMScore
CVE-2020-25353
A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated malicious users to open a connection to the machine via the deviceIpAddr and connPort parameters.
Rconfig Rconfig 3.9.5
570
VMScore
CVE-2020-25359
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext pa...
Rconfig Rconfig 3.9.5
312
VMScore
CVE-2020-25352
A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote malicious users to perform arbitrary Javascript execution through entering a crafted payload into the 'Model...
Rconfig Rconfig 3.9.5
445
VMScore
CVE-2020-23148
The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing malicious users to perform a LDAP injection and obtain sensitive information via a crafted POST request.
Rconfig Rconfig 3.9.5
445
VMScore
CVE-2020-23149
The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing malicious users to perform a SQL injection and access sensitive database information.
Rconfig Rconfig 3.9.5
445
VMScore
CVE-2020-23150
A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows malicious users to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php.
Rconfig Rconfig 3.9.5
668
VMScore
CVE-2020-23151
rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped.
Rconfig Rconfig 3.9.5
356
VMScore
CVE-2020-15712
rConfig 3.9.5 could allow a remote authenticated malicious user to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences (%2f..%2f) in the path parameter to vie...
Rconfig Rconfig 3.9.5
578
VMScore
CVE-2020-15714
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the malicious user to view, add, modify, or delete information in the back-end dat...
Rconfig Rconfig 3.9.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »