rConfig is an open source web configuration management utility. rConfig version 3.9.6 contains a security vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php, which can be exploited by attackers to execute arbitrary code via specially crafted files.