Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rconfig vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2020-13638
lib/crud/userprocess.php in rConfig 3.9.x prior to 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.
Rconfig Rconfig
801
VMScore
CVE-2020-13778
rConfig 3.9.4 and previous versions allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.
Rconfig Rconfig
1000
VMScore
CVE-2019-16662
An issue exists in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
Rconfig Rconfig 3.9.2
2 EDB exploits
4 Github repositories
802
VMScore
CVE-2019-16663
An issue exists in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.
Rconfig Rconfig 3.9.2
3 Github repositories
312
VMScore
CVE-2020-25352
A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote malicious users to perform arbitrary Javascript execution through entering a crafted payload into the 'Model...
Rconfig Rconfig 3.9.5
605
VMScore
CVE-2020-27466
An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows malicious users to execute arbitrary code via a crafted file.
Rconfig Rconfig 3.9.6
312
VMScore
CVE-2020-12259
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php.
Rconfig Rconfig 3.9.4
356
VMScore
CVE-2020-25351
An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated malicious users to read files on the system via a crafted request sent to to the /lib/crud/configcompare.crud.php script.
Rconfig Rconfig 3.9.5
356
VMScore
CVE-2020-25353
A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated malicious users to open a connection to the machine via the deviceIpAddr and connPort parameters.
Rconfig Rconfig 3.9.5
570
VMScore
CVE-2020-25359
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext pa...
Rconfig Rconfig 3.9.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »