Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rconfig rconfig vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2020-27464
An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows malicious users to execute arbitrary code via a crafted ZIP file.
Rconfig Rconfig
9.8
CVSSv3
CVE-2020-10549
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
Rconfig Rconfig
6.5
CVSSv3
CVE-2020-25351
An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated malicious users to read files on the system via a crafted request sent to to the /lib/crud/configcompare.crud.php script.
Rconfig Rconfig 3.9.5
6.5
CVSSv3
CVE-2020-25353
A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated malicious users to open a connection to the machine via the deviceIpAddr and connPort parameters.
Rconfig Rconfig 3.9.5
9.1
CVSSv3
CVE-2020-25359
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext pa...
Rconfig Rconfig 3.9.5
6.5
CVSSv3
CVE-2021-29006
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.
Rconfig Rconfig 3.9.6
8.8
CVSSv3
CVE-2019-19509
An issue exists in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
Rconfig Rconfig 3.9.3
1 EDB exploit
1 Github repository
7.8
CVSSv3
CVE-2019-19585
An issue exists in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an malicious user to bypass loc...
Rconfig Rconfig 3.9.3
1 Metasploit module
1 Github repository
4.3
CVSSv3
CVE-2020-15712
rConfig 3.9.5 could allow a remote authenticated malicious user to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences (%2f..%2f) in the path parameter to vie...
Rconfig Rconfig 3.9.5
8.8
CVSSv3
CVE-2020-15713
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the malicious user to view, add, modify, or delete information in the back-end database.
Rconfig Rconfig 3.9.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »