Vulmon
rconfig vulnerabilities and exploits
8.8
CVSSv3
CVE-2023-39108
rconfig v3.9.4 contains a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff function of /classes/compareClass.php. This vulnerability allows authenticated malicious users to make arbitrary requests via injection of crafted URLs.
Rconfig Rconfig 3.9.4
8.8
CVSSv3
CVE-2023-39109
rconfig v3.9.4 contains a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff function of /classes/compareClass.php. This vulnerability allows authenticated malicious users to make arbitrary requests via injection of crafted URLs.
Rconfig Rconfig 3.9.4
8.8
CVSSv3
CVE-2023-39110
rconfig v3.9.4 contains a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated malicious users to make arbitrary requests via injection of crafted URLs.
Rconfig Rconfig 3.9.4
8.8
CVSSv3
CVE-2022-45030
A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv).
Rconfig Rconfig 3.9.7
6.5
CVSSv3
CVE-2023-24366
An arbitrary file download vulnerability in rConfig v6.8.0 allows malicious users to download sensitive files via a crafted HTTP request.
Rconfig Rconfig 6.8.0
8.8
CVSSv3
CVE-2022-44384
An arbitrary file upload vulnerability in rconfig v3.9.6 allows malicious users to execute arbitrary code via a crafted PHP file.
Rconfig Rconfig 3.9.6
8.8
CVSSv3
CVE-2022-24388
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability i...
Fidelissecurity Deception
Fidelissecurity Network
8.8
CVSSv3
CVE-2022-24389
Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerabi...
Fidelissecurity Deception
Fidelissecurity Network
8.8
CVSSv3
CVE-2022-24390
Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vul...
Fidelissecurity Deception
Fidelissecurity Network
8.8
CVSSv3
CVE-2021-29005
The chmod command on rConfig server 3.9.6 has insecure permissions. After rConfig is installed, the apache user may execute chmod as root without a password, which may let an attacker with low privileges gain root access on the server.
Rconfig Rconfig 3.9.6