rConfig 3.9 - SQL Injection

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. id: CVE-2020-10220 info: name: rConfig 3.9 - SQL Injection author: ritikchaddha,theamanrawat severity: critical description: | An issue was discovered i...