rConfig is an open source network device configuration management utility. rConfig version 3.9.5 contains a SQL injection vulnerability in config.inc.php, which can be exploited by sending a specially crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php to access sensitive database information.