
CVE-2019-19509

Published: 06/01/2020 Updated: 31/01/2023
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 905
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

An issue exists in rConfig 3.9.3. A remote authenticated user can execute arbitrary system commands by sending a GET request to ajaxArchiveFiles.php, because the path parameter is passed to the exec function without any filtering, resulting in command injection.

Vulnerable Products

Vendor: rconfig | Product: rconfig | Version: 3.9.3

Exploits

## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'Rconf ...
rConfig version 3.9.3 suffers from an authenticated remote code execution vulnerability ...
This Metasploit module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required. However, this module can bypass authentication via SQL injection ...
rConfig version 3.9.4 searchField unauthenticated remote root code execution exploit ...

Github Repositories

Exploit codes for rconfig <= 3.9.4

exploits: Three exploits for rconfig <= 3.9.4:
  CVE-2019-19509: authenticated RCE
  CVE-2019-19585: Local Privilege Escalation (root)
  CVE-2020-10220: unauthenticated SQLi
  rconfig_root_RCE_unauth.py: chaining the three CVEs above to get a root reverse shell without authentication
  rconfig_ajaxarchivefiles_rce.rb: rConfig 3.x - Chained Remote