Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rconfig vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-10879
rConfig prior to 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
Rconfig Rconfig
6.8
CVSSv2
CVE-2020-27464
An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows malicious users to execute arbitrary code via a crafted ZIP file.
Rconfig Rconfig
NA
CVE-2023-24366
An arbitrary file download vulnerability in rConfig v6.8.0 allows malicious users to download sensitive files via a crafted HTTP request.
Rconfig Rconfig 6.8.0
4
CVSSv2
CVE-2020-15712
rConfig 3.9.5 could allow a remote authenticated malicious user to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences (%2f..%2f) in the path parameter to vie...
Rconfig Rconfig 3.9.5
6.5
CVSSv2
CVE-2020-15714
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the malicious user to view, add, modify, or delete information in the back-end dat...
Rconfig Rconfig 3.9.5
6.5
CVSSv2
CVE-2020-15715
rConfig 3.9.5 could allow a remote authenticated malicious user to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter.
Rconfig Rconfig 3.9.5
3.5
CVSSv2
CVE-2020-12259
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php.
Rconfig Rconfig 3.9.4
6.5
CVSSv2
CVE-2021-29004
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely...
Rconfig Rconfig 3.9.6
1 Github repository
4
CVSSv2
CVE-2021-29006
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.
Rconfig Rconfig 3.9.6
6.5
CVSSv2
CVE-2019-19207
rConfig 3.9.2 allows devices.php?searchColumn= SQL injection.
Rconfig Rconfig 3.9.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »