rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the malicious user to view, add, modify, or delete information in the back-end database.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rconfig rconfig 3.9.5 |