rConfig
by rConfig
CVEs (44)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-10221 | Hig | 0.75 | 8.8 | 0.37 | KEV | Mar 8, 2020 | lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter. | |
| CVE-2020-10220 | Cri | 0.75 | 9.8 | 1.00 | Mar 7, 2020 | An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. | ||
| CVE-2019-16662 | Cri | 0.75 | 9.8 | 0.98 | Oct 28, 2019 | An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. | ||
| CVE-2020-10879 | Cri | 0.73 | 9.8 | 0.84 | Mar 23, 2020 | rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped. | ||
| CVE-2020-10546 | Cri | 0.71 | 9.8 | 0.87 | Jun 4, 2020 | rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | ||
| CVE-2020-13638 | Cri | 0.70 | 9.8 | 0.77 | Nov 13, 2020 | lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7. | ||
| CVE-2020-10549 | Cri | 0.67 | 9.8 | 0.36 | Jun 4, 2020 | rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | ||
| CVE-2020-10548 | Cri | 0.67 | 9.8 | 0.36 | Jun 4, 2020 | rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | ||
| CVE-2020-10547 | Cri | 0.67 | 9.8 | 0.36 | Jun 4, 2020 | rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | ||
| CVE-2019-19509 | Hig | 0.66 | 8.8 | 0.72 | Jan 6, 2020 | An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution. | ||
| CVE-2020-15715 | Cri | 0.65 | 9.9 | 0.04 | Jul 28, 2020 | rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter. | ||
| CVE-2020-23151 | Cri | 0.64 | 9.8 | 0.06 | Aug 9, 2021 | rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped. | ||
| CVE-2019-16663 | Hig | 0.64 | 8.8 | 0.85 | Oct 28, 2019 | An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution. | ||
| CVE-2022-44384 | Hig | 0.61 | 8.8 | 0.05 | Nov 17, 2022 | An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file. | ||
| CVE-2020-12255 | Hig | 0.61 | 8.8 | 0.53 | May 18, 2020 | rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a… | ||
| CVE-2022-45030 | Hig | 0.60 | 8.8 | 0.03 | Apr 15, 2023 | A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv). | ||
| CVE-2020-25359 | Cri | 0.59 | 9.1 | 0.02 | Aug 20, 2021 | An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext… | ||
| CVE-2020-12258 | Cri | 0.59 | 9.1 | 0.02 | May 18, 2020 | rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259. | ||
| CVE-2019-19207 | Hig | 0.59 | 8.8 | 0.23 | Nov 21, 2019 | rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. | ||
| CVE-2020-13778 | Hig | 0.58 | 8.8 | 0.04 | Oct 19, 2020 | rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. |
- risk 0.75cvss 8.8epss 0.37
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.
- risk 0.75cvss 9.8epss 1.00
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
- risk 0.75cvss 9.8epss 0.98
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
- risk 0.73cvss 9.8epss 0.84
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
- risk 0.71cvss 9.8epss 0.87
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
- risk 0.70cvss 9.8epss 0.77
lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.
- risk 0.67cvss 9.8epss 0.36
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
- risk 0.67cvss 9.8epss 0.36
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
- risk 0.67cvss 9.8epss 0.36
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
- risk 0.66cvss 8.8epss 0.72
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
- risk 0.65cvss 9.9epss 0.04
rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter.
- risk 0.64cvss 9.8epss 0.06
rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped.
- risk 0.64cvss 8.8epss 0.85
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.
- risk 0.61cvss 8.8epss 0.05
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.
- risk 0.61cvss 8.8epss 0.53
rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a…
- risk 0.60cvss 8.8epss 0.03
A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv).
- risk 0.59cvss 9.1epss 0.02
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext…
- risk 0.59cvss 9.1epss 0.02
rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259.
- risk 0.59cvss 8.8epss 0.23
rConfig 3.9.2 allows devices.php?searchColumn= SQL injection.
- risk 0.58cvss 8.8epss 0.04
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.
Page 1 of 3