CVE-2019-16663

2019-10-28T12:15:00
ID CVE-2019-16663
Type cve
Reporter cve@mitre.org
Modified 2019-10-29T19:02:00

Description

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.