High severity8.8NVD Advisory· Published Oct 11, 2021· Updated Jul 9, 2026
CVE-2021-29004
CVE-2021-29004
Description
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- rConfig/rConfigdescription
Patches
Vulnerability mechanics
References
3- github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29004-POC-req.txtnvdThird Party Advisory
- github.com/mrojz/rconfig-exploit/blob/main/README.mdnvdThird Party Advisory
- rconfig.comnvdVendor Advisory
News mentions
0No linked articles in our index yet.