Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rconfig rconfig 3.9.6 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-44384
An arbitrary file upload vulnerability in rconfig v3.9.6 allows malicious users to execute arbitrary code via a crafted PHP file.
Rconfig Rconfig 3.9.6
801
VMScore
CVE-2021-29005
Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.
Rconfig Rconfig 3.9.6
356
VMScore
CVE-2021-29006
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.
Rconfig Rconfig 3.9.6
578
VMScore
CVE-2021-29004
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely...
Rconfig Rconfig 3.9.6
1 Github repository
605
VMScore
CVE-2020-27464
An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows malicious users to execute arbitrary code via a crafted ZIP file.
Rconfig Rconfig
605
VMScore
CVE-2020-27466
An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows malicious users to execute arbitrary code via a crafted file.
Rconfig Rconfig 3.9.6
356
VMScore
CVE-2020-25351
An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated malicious users to read files on the system via a crafted request sent to to the /lib/crud/configcompare.crud.php script.
Rconfig Rconfig 3.9.5
312
VMScore
CVE-2020-25352
A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote malicious users to perform arbitrary Javascript execution through entering a crafted payload into the 'Model...
Rconfig Rconfig 3.9.5
356
VMScore
CVE-2020-25353
A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated malicious users to open a connection to the machine via the deviceIpAddr and connPort parameters.
Rconfig Rconfig 3.9.5
570
VMScore
CVE-2020-25359
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext pa...
Rconfig Rconfig 3.9.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started