Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rconfig rconfig vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-13778
rConfig 3.9.4 and previous versions allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.
Rconfig Rconfig
7.8
CVSSv3
CVE-2020-27464
An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows malicious users to execute arbitrary code via a crafted ZIP file.
Rconfig Rconfig
8.8
CVSSv3
CVE-2019-16663
An issue exists in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.
Rconfig Rconfig 3.9.2
3 Github repositories
8.8
CVSSv3
CVE-2023-39108
rconfig v3.9.4 exists to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated malicious users to make arbitrary requests via injection of crafted URLs.
Rconfig Rconfig 3.9.4
8.8
CVSSv3
CVE-2023-39109
rconfig v3.9.4 exists to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated malicious users to make arbitrary requests via injection of crafted URLs.
Rconfig Rconfig 3.9.4
8.8
CVSSv3
CVE-2023-39110
rconfig v3.9.4 exists to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated malicious users to make arbitrary requests via injection of crafted URLs.
Rconfig Rconfig 3.9.4
6.5
CVSSv3
CVE-2023-24366
An arbitrary file download vulnerability in rConfig v6.8.0 allows malicious users to download sensitive files via a crafted HTTP request.
Rconfig Rconfig 6.8.0
8.8
CVSSv3
CVE-2022-45030
A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv).
Rconfig Rconfig 3.9.7
5.4
CVSSv3
CVE-2020-12256
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php.
Rconfig Rconfig 3.9.4
9.1
CVSSv3
CVE-2020-12258
rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259.
Rconfig Rconfig 3.9.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »