Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rconfig rconfig 3.9.4 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-12255
rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .p...
Rconfig Rconfig 3.9.4
1 Github repository
9.1
CVSSv3
CVE-2020-12258
rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259.
Rconfig Rconfig 3.9.4
5.4
CVSSv3
CVE-2020-12256
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php.
Rconfig Rconfig 3.9.4
8.8
CVSSv3
CVE-2020-12257
rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form (add a user, delete a user, or edit a user).
Rconfig Rconfig 3.9.4
5.4
CVSSv3
CVE-2020-12259
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php.
Rconfig Rconfig 3.9.4
8.8
CVSSv3
CVE-2023-39108
rconfig v3.9.4 exists to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated malicious users to make arbitrary requests via injection of crafted URLs.
Rconfig Rconfig 3.9.4
8.8
CVSSv3
CVE-2023-39109
rconfig v3.9.4 exists to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated malicious users to make arbitrary requests via injection of crafted URLs.
Rconfig Rconfig 3.9.4
8.8
CVSSv3
CVE-2023-39110
rconfig v3.9.4 exists to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated malicious users to make arbitrary requests via injection of crafted URLs.
Rconfig Rconfig 3.9.4
7.8
CVSSv3
CVE-2019-19585
An issue exists in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an malicious user to bypass loc...
Rconfig Rconfig 3.9.3
1 Metasploit module
1 Github repository
9.8
CVSSv3
CVE-2020-10220
An issue exists in rConfig up to and including 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
Rconfig Rconfig
2 EDB exploits
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »