Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rconfig vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-39108
rconfig v3.9.4 exists to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated malicious users to make arbitrary requests via injection of crafted URLs.
Rconfig Rconfig 3.9.4
NA
CVE-2023-39109
rconfig v3.9.4 exists to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated malicious users to make arbitrary requests via injection of crafted URLs.
Rconfig Rconfig 3.9.4
NA
CVE-2023-39110
rconfig v3.9.4 exists to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated malicious users to make arbitrary requests via injection of crafted URLs.
Rconfig Rconfig 3.9.4
NA
CVE-2022-45030
A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv).
Rconfig Rconfig 3.9.7
NA
CVE-2023-24366
An arbitrary file download vulnerability in rConfig v6.8.0 allows malicious users to download sensitive files via a crafted HTTP request.
Rconfig Rconfig 6.8.0
NA
CVE-2022-44384
An arbitrary file upload vulnerability in rconfig v3.9.6 allows malicious users to execute arbitrary code via a crafted PHP file.
Rconfig Rconfig 3.9.6
9
CVSSv2
CVE-2022-24389
Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerabi...
Fidelissecurity Deception
Fidelissecurity Network
6.5
CVSSv2
CVE-2022-24390
Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vul...
Fidelissecurity Deception
Fidelissecurity Network
9
CVSSv2
CVE-2022-24388
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability i...
Fidelissecurity Deception
Fidelissecurity Network
4
CVSSv2
CVE-2021-29006
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.
Rconfig Rconfig 3.9.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »