Vulmon
rconfig rconfig vulnerabilities and exploits
8.8
CVSSv3
CVE-2020-13778
rConfig 3.9.4 and previous versions allow authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.
Rconfig Rconfig
9.8
CVSSv3
CVE-2020-10220
An issue exists in rConfig up to and including 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
Rconfig Rconfig
2 EDB exploits
2 Github repositories
8.8
CVSSv3
CVE-2022-44384
An arbitrary file upload vulnerability in rconfig v3.9.6 allows malicious users to execute arbitrary code via a crafted PHP file.
Rconfig Rconfig 3.9.6
6.5
CVSSv3
CVE-2023-24366
An arbitrary file download vulnerability in rConfig v6.8.0 allows malicious users to download sensitive files via a crafted HTTP request.
Rconfig Rconfig 6.8.0
8.8
CVSSv3
CVE-2023-39108
rconfig v3.9.4 contains a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff function of /classes/compareClass.php. This vulnerability allows authenticated malicious users to make arbitrary requests via injection of crafted URLs.
Rconfig Rconfig 3.9.4
8.8
CVSSv3
CVE-2023-39109
rconfig v3.9.4 contains a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff function of /classes/compareClass.php. This vulnerability allows authenticated malicious users to make arbitrary requests via injection of crafted URLs.
Rconfig Rconfig 3.9.4
8.8
CVSSv3
CVE-2023-39110
rconfig v3.9.4 contains a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated malicious users to make arbitrary requests via injection of crafted URLs.
Rconfig Rconfig 3.9.4
8.8
CVSSv3
CVE-2022-45030
A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv).
Rconfig Rconfig 3.9.7
7.5
CVSSv3
CVE-2020-23149
The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing malicious users to perform a SQL injection and access sensitive database information.
Rconfig Rconfig 3.9.5
9.8
CVSSv3
CVE-2020-23151
rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped.
Rconfig Rconfig 3.9.5